IoT network Malicious Behaviour Profiling Based on Explainable AI Using LSTM and SHAP

Loading...
Thumbnail Image

Date

2024-11-07

Authors

Niktabe, Sepideh

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

The proliferation of IoT devices has enhanced connectivity but exposed networks to new cyber threats, particularly from botnets. Detecting and identifying malicious data is critical for early threat detection, understanding botnet attack patterns, and deploying countermeasures. This research proposes an IoT Bot detection and identification profiling model using XAI. The proposed model introduces a novel feature selection techqnique with the XGBoost algorithm and a correlation-based feature selection technique to enhance efficiency. An optimized LSTM neural network enables accurate bot detection and identification, with hyperparameters selected using the Bayesian Optimization algorithm. SHAP analysis provides insightful individual and collective bot characteristic profiles. The model’s performance was evaluated using the augmented BCCC-Aposemat-Bot-IoT-24 dataset, built upon the Aposemat-Bot-IoT-23 dataset, and compared against established models assessed primarily on the same dataset in previous research. The results showed that the proposed model performed comparably to these models, with distinct advantages, including handling sequential and time-series data, managing imbalanced datasets, and providing explainable insights into botnet behavior. The model’s design also emphasizes computational efficiency, making it potentially suitable for deployment in resource-constrained environments.

Description

Keywords

Computer science

Citation

Collections