Collaborative device-level botnet detection for internet of things

Cyber attacks on the Internet of Things (IoT) have seen a significant increase in recent years. This is primarily due to the widespread adoption and prevalence of IoT within domestic and critical national infrastructures, as well as inherent security vulnerabilities within IoT endpoints. Therein, botnets have emerged as a major threat to IoT-based infrastructures targeting firmware vulnerabilities such as weak or default passwords to assemble an army of compromised devices which can serve as a lethal cyber-weapon against target systems, networks, and services. In this paper, we present our effort s to mitigate this challenge through the development of an intrusion detection system that resides within an IoT de-vice to provide enhanced visibility thereby achieving security hardening of such devices. The device-level intrusion detection presented here is part of our research framework BTC_SIGBDS (Blockchain-powered, Trustworthy, Collaborative, Signature-based Botnet Detection System). We identify the research challenge through a systematic critical review of existing literature and present detailed design of the device-level component of the BTC_SIGBDS framework. We use a signature-based detection scheme with trusted signa-ture updates to strengthen protection against emerging attacks. We have evaluated the suitability and en-hanced the capability through the generation of custom signatures of two of the most famous signature -based IDS with ISOT, IoT23, and BoTIoT datasets to assess the effectiveness with respect to detection of anomalous traffic within a typical resource-constrained IoT network in terms of number of alerts, detec-tion rates, detection time as well as in terms of peak CPU and memory usage.(c) 2023 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license ( http://creativecommons.org/licenses/by/4.0/ )