IoT Botnet Detection using Black-box Machine Learning Models: the Trade-off between Performance and Interpretability
Conference Papers Year : 2021

Abstract

The growth of the Internet of Things (IoT) has led to an increase in new threats, particularly IoT botnets, which are a serious cybersecurity concern. This paper proposes a Machine Learning (ML) framework using black-box models for IoT botnet detection. It offers a trade-off between performance (high model accuracy) and interpretability (explainable results for security experts). Our experiments on real traffic data infected with the Mirai and Bashlite malware showed that the framework achieves the best accuracy using random forest and extra tree models. In addition, it provides security experts with information on the features that are important for a particular instance (i.e., local interpretation) and for the whole dataset (i.e., global interpretation), allowing them to trust the models' results and save time and resources.

Dates and versions

hal-03877517 , version 1 (29-11-2022)

Cite

Nourhene Ben Rabah, Benedicte Le Grand, Manuele Kirsch Pinheiro. IoT Botnet Detection using Black-box Machine Learning Models: the Trade-off between Performance and Interpretability. 2021 IEEE 30th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Oct 2021, Bayonne, France. pp.101-106, ⟨10.1109/WETICE53228.2021.00030⟩. ⟨hal-03877517⟩

Collections

UNIV-PARIS1 CRI