Towards an efficient approach using graph-based evolutionary algorithm for IoT botnet detection

Quoc-Dung Ngo, Huy-Trung Nguyen


In recent years, a large number of Internet of Things (IoT) devices have come into everyday use, many of which are vulnerable to attack. Botnet malware is one of the main threats to IoT devices. Hence, detection of IoT botnets is one of the most important challenges for IoT devices. This paper proposes an IoT botnet detection approach based on PSI graph data combined with an evolutionary algorithm-based technique. To the best of our knowledge, there have been no studies that used evolutionary algorithms to support detecting multi-architecture IoT botnets. The proposed method has achieved good experimental results (i.e., 95.30%). The approach also achieves a relatively low false-positive rate of 4.59%.

This work is licensed under a Creative Commons Attribution 3.0 License.