Semester
Spring
Date of Graduation
2021
Document Type
Problem/Project Report
Degree Type
MS
College
Statler College of Engineering and Mineral Resources
Department
Lane Department of Computer Science and Electrical Engineering
Committee Chair
Katerina Goseva-Popstojanova
Committee Member
Roy Nutter
Committee Member
Thomas Devine
Abstract
Although desktops and laptops have historically made up the bulk of botnet nodes, Internet of Things (IoT) devices have more recently become targets. Lightbulbs, outdoor cameras, watches, and many other small items are connected to WiFi and to each other, and few have well-developed security or hardening. Research on botnets typically leverages honeypots, PCAPs, and network traffic analysis tools to develop detection models. The research questions addressed in this Problem Report are: (1) Which machine learning algorithm performs best in a binary classification task on a representative dataset of malicious and benign IoT traffic? and (2) Which features have the most predictive power? This research showed that the best-performing algorithms were Random Forest, with an accuracy of 97.45% and an F1 score of 97.39%, and the Linear SVM, with a recall score of 99.90%. The most important features for the classification were time of day, history, protocol, and count of origin bytes sent. Of these, time of day and volume of traffic coming from the same IP addresses are consistent for port scanning, infection, and distributed denial of service attacks.
Recommended Citation
Austin, Michael, "IoT Malicious Traffic Classification Using Machine Learning" (2021). Graduate Theses, Dissertations, and Problem Reports. 8024.
https://researchrepository.wvu.edu/etd/8024
Comments
I believe I addressed all of the issues in your email. Thank you for the links.