Ensemble Feature Engineering and Deep Learning for Botnet Attacks Detection in the Internet of Things
ABSTRACT
The Internet of Things (IoT) has revolutionized how people interact with technological innovations. However, this development has also raised significant security concerns. The increasing number of IoT attacks poses a serious risk to individuals and businesses alike. In response, this article introduces an ensemble feature engineering method for effective feature selection, based on a systematic behavioral analysis by means of artificial intelligence. This method identifies and highlights the most relevant features from an IoT botnet dataset, facilitating accurate detection of both malicious and benign traffic. To detect IoT botnet attacks, the ensemble feature engineering method incorporates distinct approaches, including a genetic algorithm-based approach, filter selection methods such as mutual information, LASSO regularization, and forward-backward search. A merger approach then combines these results, addressing redundancy and irrelevance. In addition, a wrapper algorithm called recursive feature removal is applied to further refine the feature selection process. The effectiveness of the selected feature set is validated by means of deep learning algorithms (CNN, RNN, LSTM, and GRU) rooted in artificial intelligence, and applied to the IoT-Botnet 2020 dataset. Results demonstrate encouraging performance, with precision between 97.88% and 98.99%, recall scores between 99.10% and 99.95%, detection accuracy between 98.05% and 99.21%, and an F1-score ranging from 98.45% to 99.82%. Moreover, the ensemble feature engineering approach achieved precision of 98.26%, recall score of 99.68%, detection accuracy of 98.49%, F1-measure of 99.00%, an AUC-ROC of 82.37% and specificity of 98.38%. These outcomes highlight the method's robust performance in identifying both malicious and benign IoT botnet traffic.
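The selection pipeline described above (several selectors, a merger, then a recursive wrapper pass) can be sketched with scikit-learn as follows; this is an added illustration, not the authors' code. Assumptions: the flow features and labels are constructed, the merger is a two-of-three vote, scikit-learn's `RFE` stands in for the recursive wrapper step, only forward search is shown, and the genetic-algorithm selector is omitted.

```python
# Added illustration: constructed data and an assumed majority-vote merger.
import numpy as np
from sklearn.feature_selection import RFE, SequentialFeatureSelector, mutual_info_classif
from sklearn.linear_model import Lasso, LogisticRegression

# Constructed feature names; only the first two carry signal in the sample data.
NAMES = ["pkt_rate", "syn_ratio", "noise_a", "noise_b", "noise_c", "noise_d"]


def make_flows(n=400, seed=0):
    """Constructed, standardized flow features; label 1 = botnet, 0 = benign."""
    rng = np.random.default_rng(seed)
    X = rng.standard_normal((n, len(NAMES)))
    y = (X[:, 0] + X[:, 1] + 0.3 * rng.standard_normal(n) > 0).astype(int)
    return X, y


def ensemble_select(X, y, k=3, final_k=2):
    """Return (merged feature names, names surviving the recursive wrapper pass)."""
    clf = LogisticRegression(max_iter=1000)
    # Filter: mutual information between each feature and the label, keep top k.
    mi = mutual_info_classif(X, y, random_state=0)
    mi_set = set(np.argsort(mi)[-k:].tolist())
    # Embedded: LASSO drives coefficients of irrelevant features to exactly zero.
    lasso_set = set(np.flatnonzero(Lasso(alpha=0.05).fit(X, y).coef_).tolist())
    # Wrapper: greedy forward search scored by cross-validated accuracy.
    sfs = SequentialFeatureSelector(clf, n_features_to_select=k,
                                    direction="forward", cv=3).fit(X, y)
    sfs_set = set(np.flatnonzero(sfs.get_support()).tolist())
    # Merger (assumed rule): keep features chosen by at least two selectors,
    # which discards picks that only one method considers relevant.
    selectors = (mi_set, lasso_set, sfs_set)
    merged = [i for i in range(X.shape[1]) if sum(i in s for s in selectors) >= 2]
    # Refinement: recursively drop the weakest feature of the merged set.
    rfe = RFE(clf, n_features_to_select=min(final_k, len(merged)))
    rfe.fit(X[:, merged], y)
    final = [NAMES[i] for i, keep in zip(merged, rfe.get_support()) if keep]
    return [NAMES[i] for i in merged], final


if __name__ == "__main__":
    X, y = make_flows()
    merged, final = ensemble_select(X, y)
    print("after merger:", merged)
    print("after recursive pass:", final)
```

The surviving feature set would then feed the deep learning classifiers the abstract lists (CNN, RNN, LSTM, GRU).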