Ensemble Adaboost classifier for accurate and fast detection of botnet attacks in connected vehicles

• Published in: Transactions on emerging telecommunications technologies Vol. 33; no. 10
• Main Authors: Rehman Javed, Abdul, Jalil, Zunera, Atif Moqurrab, Syed, Abbas, Sidra, Liu, Xuan
• Format: Journal Article
• Language: English
• Published: 01.10.2022
• ISSN: 2161-3915; 2161-3915
• DOI: 10.1002/ett.4088

The key characteristic of smart cities (ie, connectivity and intelligence) has enabled connected vehicles to work together to accomplish complex jobs that they are unable to perform individually. Connectivity not only being an inevitable blessing but also poses growing cybersecurity challenges for connected vehicles. The overall risk of connected vehicles is wide as the cybercriminals are nowadays applying versatile approaches (botnets, phishing, zero‐days, rootkits, etc) to disrupt their communication. The botnet, capable of launching distributed denial of service attack, is a potential threat for any connected ecosystem due to its excessive capabilities of using maximum compromised devices. Hence, the detection of botnet attacks has become a pinnacle point for cybersecurity analysts. Existing studies lack in detecting botnet at the earliest and accurately. This article presents an approach to detect the botnet attacks at an early stage and accurately utilizing typical network traffic and temporal features. The proposed approach use machine learning algorithms for the detection of botnet attack(s) and present a detailed comparison of the decision tree, probabilistic neural network, sequential minimal optimization, and Adaboost classifiers, as well as comparison of the proposed approach with existing studies in this domain, is also done. Furthermore, it investigates the role of temporal features for botnet detection. The proposed approach accomplishes the promising true positive rate of 99.7%. Results show that our methodology is efficient compared with the existing studies. This graphical explains the botnet detection and identification process where the pre‐segmented network activities are given as features for pre‐processing. Next regular and temporal features are extracted and given as input to the machine learning classifier to be detected as Botnet or normal network activity.