Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset
Published in | Future generation computer systems Vol. 100; pp. 779 - 796 |
---|---|
Main Authors | , , , |
Format | Journal Article |
Language | English |
Published | Elsevier B.V, 01.11.2019 |
Summary: | The proliferation of IoT systems has seen them targeted by malicious third parties. To address this challenge, realistic protection and investigation countermeasures, such as network intrusion detection and network forensic systems, need to be effectively developed. For this purpose, a well-structured and representative dataset is paramount for training and validating the credibility of the systems. Although there are several network datasets, in most cases, not much information is given about the Botnet scenarios that were used. This paper proposes a new dataset, so-called Bot-IoT, which incorporates legitimate and simulated IoT network traffic, along with various types of attacks. We also present a realistic testbed environment for addressing the existing dataset drawbacks of capturing complete network information, accurate labeling, as well as recent and complex attack diversity. Finally, we evaluate the reliability of the BoT-IoT dataset using different statistical and machine learning methods for forensics purposes compared with the benchmark datasets. This work provides the baseline for allowing botnet identification across IoT-specific networks. The Bot-IoT dataset can be accessed at Bot-iot (2018) [1]. • Designing a new realistic Bot-IoT dataset and giving a detailed description of the testbed configuration design and the simulated IoT sensors. • Analyzing the proposed features of the dataset using Correlation Coefficient and Joint Entropy techniques. • Evaluating the performance of network forensic methods, based on machine and deep learning algorithms, using the botnet-IoT dataset compared with popular datasets. |
---|---|
ISSN: | 0167-739X 1872-7115 |
DOI: | 10.1016/j.future.2019.05.041 |