| The widespread deployment of the Internet of Things (IoT) is accompanied by a large number of infrastructure devices connected to the Internet. Attackers may therefore infect and control many IoT devices and launch massive-scale Botnet attacks that have a huge impact on the Internet environment. Artificial intelligence technology has made significant progress in many areas of cyberspace security and is used in the IoT for detection of and defense against new types of cyberattacks. Nowadays, most IoT Botnet detection methods are based on supervised learning. Existing approaches commonly extract features from a large number of known attack samples and then train artificial intelligence models for detection. Typical models include KNN (K-Nearest Neighbor), SVM (Support Vector Machine), XGBoost, etc. These methods rely on a large number of "labeled" attack samples, which takes a long time for feature extraction and sample preprocessing. Meanwhile, the detection accuracy of the existing models is gradually saturating, while their detection performance on new variants and stealthy variants of malware is poor. Therefore, the research focus and difficulty of this thesis is designing an end-to-end Botnet detection method targeting the massive IoT environment. Viruses and network attacks in the IoT have some distinctive features. Botnet attacks, represented by Mirai, are characterized by complex attack patterns, high stealth, fast spreading speed, wide coverage, and so on. Meanwhile, most of the devices in the IoT are terminal devices with low hardware configuration, incapable of supporting the state-of-the-art network attack defense strategies designed for the Internet. Therefore, with the aim of designing a deep learning-based model for Botnet detection in the IoT, this thesis makes the following improvements by optimizing both the detection model and the input data simultaneously. (1) The UNet model, which is suited to image segmentation and classification tasks, is adapted to one-dimensional processing. By integrating both local features and global features extracted from Botnet traffic data, a One-Dimensional UNet (1D-UNet) is designed for Botnet detection in the IoT. Detailed experiments show that this model achieves 99% accuracy for Botnet detection. (2) Considering the strict low-energy-consumption requirements of IoT devices, this thesis introduces depth-wise separable convolution into 1D-UNet to make it lightweight. A One-Dimensional Lightweight UNet (1D-L-UNet) is proposed by increasing the stride length in the convolution computations and by replacing the original down-sampling pooling operation with feature reduction operations during feature extraction. The experimental results show that 1D-L-UNet achieves performance comparable to 1D-UNet while reducing the scale of both parameters and computations to 30% of the original model. Meanwhile, 1D-L-UNet achieves its best detection accuracy of 99.66% under the optimal parameter setting, which is 0.43% higher than other similar methods. (3) Botnet attacks are usually accompanied by Distributed Denial-of-Service (DDoS) attacks, which generate a large number of network packets. To meet the needs of deploying detection mechanisms on terminal devices with weak data processing capabilities, we propose an optimization method for the network data packets that are used to detect attacks. The proposed method is a packet selection mechanism that selects packets starting from the point where a packet with effective payload is first observed. This method lowers the dependency of detection accuracy on the number of data packets. The experimental results show that Botnet detection accuracy reaches 99.27% when feature extraction is applied to only one data packet after optimization. Compared with conventional data processing methods, the 1D-L-UNet model reduces the amount of computation by 87%, greatly reducing the scale of data that the terminal device needs to process. |
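
The packet selection step in (3), sketched as an added example that is not the thesis's own code: it skips handshake packets, picks the first packet of a flow that carries payload, and turns it into a fixed-length input vector. The function names, the 64-byte input length, the use of whole-packet bytes, the IPv4/TCP-only parsing and the sample flow are all assumptions.

```python
import struct

INPUT_LEN = 64  # assumed model input length; the abstract does not state one

def build_packet(flags, payload=b"", sport=40000, dport=8080):
    """Build a minimal IPv4/TCP packet (constructed sample, checksums zeroed)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return ip + tcp + payload

def tcp_payload(packet):
    """Return the TCP payload of an IPv4 packet, or b"" if absent or not TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return b""
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    total = struct.unpack("!H", packet[2:4])[0]  # IP total length
    if ihl < 20 or len(packet) < ihl + 20:
        return b""
    data_off = (packet[ihl + 12] >> 4) * 4       # TCP header length in bytes
    if data_off < 20:
        return b""
    # Bound by total length so link-layer padding is not counted as payload.
    return packet[ihl + data_off:min(total, len(packet))]

def select_packet(flow):
    """Index and bytes of the first packet with payload, or (None, None)."""
    for i, pkt in enumerate(flow):
        if tcp_payload(pkt):
            return i, pkt
    return None, None

def to_input_vector(packet, length=INPUT_LEN):
    """Truncate or zero-pad the packet bytes and scale them to [0, 1]."""
    raw = packet[:length].ljust(length, b"\x00")
    return [b / 255.0 for b in raw]

# Constructed flow: three-way handshake, then two data packets.
SAMPLE_FLOW = [
    build_packet(0x02),                           # SYN
    build_packet(0x12, sport=8080, dport=40000),  # SYN-ACK
    build_packet(0x10),                           # ACK
    build_packet(0x18, b"user\r\n"),              # first packet with payload
    build_packet(0x18, b"more data\r\n"),
]

if __name__ == "__main__":
    idx, pkt = select_packet(SAMPLE_FLOW)
    print(idx, len(to_input_vector(pkt)))
```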