  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Multi-stage attack detection: emerging challenges for wireless networks

Lefoane, Moemedi; Ghafir, Ibrahim; Kabir, Sohag; Awan, Irfan U. 03 February 2023
Yes / Multi-stage attacks (MSAs) are among the most serious threats in cyberspace today. Criminals target big organisations and government critical infrastructures mainly for financial gain. These attacks are becoming more advanced and stealthier, and thus have capabilities to evade Intrusion Detection Systems (IDSs). As a result, the attack strategies used in the attack render IDSs ineffective, particularly because of new security challenges introduced by some of the key emerging technologies such as 5G wireless networks, cloud computing infrastructure and Internet of Things (IoT). Advanced persistent threats (APTs) and botnet attacks are examples of MSAs; these are serious threats on the Internet. This work analyses recent MSAs, outlines and reveals open issues, challenges and opportunities with existing detection methods.
2

Unsupervised Learning for Feature Selection: A Proposed Solution for Botnet Detection in 5G Networks

Lefoane, Moemedi; Ghafir, Ibrahim; Kabir, Sohag; Awan, Irfan U. 01 August 2022
Yes / The world has seen exponential growth in deploying Internet of Things (IoT) devices. In recent years, connected IoT devices have surpassed the number of connected non-IoT devices. The number of IoT devices continues to grow and they are becoming a critical component of the national infrastructure. IoT devices' characteristics and inherent limitations make them attractive targets for hackers and cyber criminals. The botnet attack is one of the serious threats on the Internet today. This article proposes pattern-based feature selection methods as part of a machine learning (ML) based botnet detection system. Specifically, two methods are proposed: the first is based on the most dominant pattern feature values and the second is based on Maximal Frequent Itemset (MFI) mining. The proposed feature selection method uses Gini Impurity (GI) and an unsupervised clustering method to select the most influential features automatically. The evaluation results show that the proposed methods have improved the performance of the detection system. The developed system has a True Positive Rate (TPR) of 100% and a False Positive Rate (FPR) of 0% for best performing models. In addition, the proposed methods reduce the computational cost of the system as evidenced by the detection speed of the system.
3

Latent Semantic Analysis and Graph Theory for Alert Correlation: A Proposed Approach for IoT Botnet Detection

Lefoane, Moemedi; Ghafir, Ibrahim; Kabir, Sohag; Awan, Irfan; El Hindi, K.; Mahendran, A. 16 July 2024
Yes / In recent times, the proliferation of Internet of Things (IoT) technology has brought a significant shift in the digital transformation of various industries. The enabling technologies have accelerated this adoption. The possibilities unlocked by IoT have been unprecedented, leading to the emergence of smart applications that have been integrated into national infrastructure. However, the popularity of IoT technology has also attracted the attention of adversaries, who have leveraged the inherent limitations of IoT devices to launch sophisticated attacks, including Multi-Stage attacks (MSAs) such as IoT botnet attacks. These attacks have caused significant losses in revenue across industries, amounting to billions of dollars. To address this challenge, this paper proposes a system for IoT botnet detection that comprises two phases. The first phase aims to identify IoT botnet traffic; the input to this phase is the IoT traffic, which is subjected to feature selection and classification model training to distinguish malicious traffic from normal traffic. The second phase analyses the malicious traffic from stage one to identify different botnet attack campaigns. The second stage employs an alert correlation approach that combines the Latent Semantic Analysis (LSA) unsupervised learning and graph theory based techniques. The proposed system was evaluated using a publicly available real IoT traffic dataset and yielded promising results, with a True Positive Rate (TPR) of over 99% and a False Positive Rate (FPR) of 0%. / Researchers Supporting Project, King Saud University, Riyadh, Saudi Arabia, under Grant RSPD2024R953
