{"id":"https://openalex.org/W3131420898","doi":"https://doi.org/10.1109/comsnets51098.2021.9352943","title":"Improving ML Detection of IoT Botnets using Comprehensive Data and Feature Sets","display_name":"Improving ML Detection of IoT Botnets using Comprehensive Data and Feature Sets","publication_year":2021,"publication_date":"2021-01-05","ids":{"openalex":"https://openalex.org/W3131420898","doi":"https://doi.org/10.1109/comsnets51098.2021.9352943","mag":"3131420898"},"language":"en","primary_location":{"id":"doi:10.1109/comsnets51098.2021.9352943","is_oa":false,"landing_page_url":"https://doi.org/10.1109/comsnets51098.2021.9352943","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on COMmunication Systems &amp; NETworkS (COMSNETS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032283368","display_name":"Misha Mehra","orcid":null},"institutions":[{"id":"https://openalex.org/I68891433","display_name":"Indian Institute of Technology Delhi","ror":"https://ror.org/049tgcd06","country_code":"IN","type":"education","lineage":["https://openalex.org/I68891433"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Misha Mehra","raw_affiliation_strings":["Indian Institute of Technology Delhi,Computer Science and Engineering,Delhi,India","Computer Science and Engineering, Indian Institute of Technology Delhi, Delhi, India"],"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Delhi,Computer Science and Engineering,Delhi,India","institution_ids":["https://openalex.org/I68891433"]},{"raw_affiliation_string":"Computer Science and Engineering, Indian Institute of Technology Delhi, Delhi, India","institution_ids":["https://openalex.org/I68891433"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046819616","display_name":"Jay N. Paranjape","orcid":"https://orcid.org/0009-0007-0152-5502"},"institutions":[{"id":"https://openalex.org/I68891433","display_name":"Indian Institute of Technology Delhi","ror":"https://ror.org/049tgcd06","country_code":"IN","type":"education","lineage":["https://openalex.org/I68891433"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Jay N. Paranjape","raw_affiliation_strings":["Indian Institute of Technology Delhi,Computer Science and Engineering,Delhi,India","Computer Science and Engineering, Indian Institute of Technology Delhi, Delhi, India"],"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Delhi,Computer Science and Engineering,Delhi,India","institution_ids":["https://openalex.org/I68891433"]},{"raw_affiliation_string":"Computer Science and Engineering, Indian Institute of Technology Delhi, Delhi, India","institution_ids":["https://openalex.org/I68891433"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034236411","display_name":"Vinay J. Ribeiro","orcid":"https://orcid.org/0000-0001-5627-5343"},"institutions":[{"id":"https://openalex.org/I162827531","display_name":"Indian Institute of Technology Bombay","ror":"https://ror.org/02qyf5152","country_code":"IN","type":"education","lineage":["https://openalex.org/I162827531"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Vinay J. Ribeiro","raw_affiliation_strings":["Indian Institute of Technology Bombay,Computer Science and Engineering,Mumbai,India","Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai, India"],"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Bombay,Computer Science and Engineering,Mumbai,India","institution_ids":["https://openalex.org/I162827531"]},{"raw_affiliation_string":"Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai, India","institution_ids":["https://openalex.org/I162827531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5032283368"],"corresponding_institution_ids":["https://openalex.org/I68891433"],"apc_list":null,"apc_paid":null,"fwci":0.6094,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.64624746,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"438","last_page":"446"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9901999831199646,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9317365884780884},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8700330853462219},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8309777975082397},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.601274847984314},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.568578839302063},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5578107237815857},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.454912930727005},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.42952215671539307},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4144821763038635},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.41443267464637756},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3946920931339264},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.39315658807754517},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2256544828414917},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2151055932044983},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1594506800174713}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9317365884780884},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8700330853462219},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8309777975082397},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.601274847984314},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.568578839302063},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5578107237815857},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.454912930727005},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.42952215671539307},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4144821763038635},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.41443267464637756},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3946920931339264},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39315658807754517},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2256544828414917},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2151055932044983},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1594506800174713},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/comsnets51098.2021.9352943","is_oa":false,"landing_page_url":"https://doi.org/10.1109/comsnets51098.2021.9352943","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on COMmunication Systems &amp; NETworkS (COMSNETS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W204188767","https://openalex.org/W598294359","https://openalex.org/W1669806660","https://openalex.org/W2053632570","https://openalex.org/W2153762839","https://openalex.org/W2172759716","https://openalex.org/W2340605665","https://openalex.org/W2582361049","https://openalex.org/W2748868501","https://openalex.org/W2794801050","https://openalex.org/W2810674385","https://openalex.org/W2901508923","https://openalex.org/W2902209387","https://openalex.org/W2907310707","https://openalex.org/W2962802821","https://openalex.org/W2963683434","https://openalex.org/W2994944553","https://openalex.org/W2996863842","https://openalex.org/W2999221729","https://openalex.org/W6618061014","https://openalex.org/W6637397297","https://openalex.org/W6685182571","https://openalex.org/W6743493502","https://openalex.org/W6745976546"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W4230824443","https://openalex.org/W2038807247","https://openalex.org/W2097156747","https://openalex.org/W1599449514","https://openalex.org/W2559738661"],"abstract_inverted_index":{"In":[0,43],"recent":[1],"times,":[2],"the":[3,11,49,55,59,67,89,109,142,154,176,180,192,214,220,229,254,279],"world":[4],"has":[5,264,283],"seen":[6],"a":[7,52,62,183,209,224,238],"tremendous":[8],"increase":[9],"in":[10,166,170,223,243],"number":[12],"of":[13,20,30,51,61,69,106,168,182,189,216,219,281],"attacks":[14,22,39],"on":[15,40,82,268,286],"IoT":[16,32,96,119,122],"devices.":[17],"A":[18],"majority":[19],"these":[21,172],"have":[23],"been":[24,265,284],"botnet":[25,123],"attacks,":[26],"where":[27],"an":[28,202],"army":[29],"compromised":[31],"devices":[33,97],"is":[34,88],"used":[35],"to":[36,140,179,233,261],"launch":[37],"DDoS":[38],"targeted":[41],"systems.":[42,99],"this":[44,262],"paper,":[45],"we":[46,130],"study":[47],"how":[48],"choice":[50,92],"dataset":[53,110,177],"and":[54,98,125,160,195,212,231,246,273],"extracted":[56],"features":[57,139,190,230],"determine":[58],"performance":[60],"Machine":[63],"Learning":[64],"model,":[65,184,239],"given":[66],"task":[68],"classifying":[70],"Linux":[71,83,87],"Binaries":[72],"(ELFs)":[73],"as":[74,108,135,137],"being":[75],"benign":[76,245],"or":[77,153,157],"malicious.":[78],"Our":[79],"work":[80,263],"focuses":[81],"systems":[84],"since":[85],"embedded":[86],"more":[90],"popular":[91],"for":[93,111,207,237,276],"building":[94],"today's":[95],"We":[100,145,200,226,249,271],"propose":[101,131],"using":[102,132,240,253],"4":[103],"different":[104,244],"types":[105,159,188],"files":[107,124,222],"any":[112],"ML":[113,210],"model.":[114],"These":[115],"include":[116],"system":[117],"files,":[118,121],"application":[120],"general":[126],"malware":[127],"files.":[128,173,248],"Further,":[129],"static,":[133],"dynamic":[134],"well":[136],"network":[138],"do":[141],"classification":[143],"task.":[144],"show":[146,213],"that":[147],"existing":[148],"methods":[149],"leave":[150],"out":[151],"one":[152],"other":[155],"features,":[156],"file":[158],"hence,":[161],"our":[162],"model":[163,211],"outperforms":[164],"them":[165],"terms":[167],"accuracy":[169],"detecting":[171],"While":[174],"enhancing":[175],"adds":[178],"robustness":[181],"utilizing":[185],"all":[186],"3":[187],"decreases":[191],"false":[193,196],"positive":[194],"negative":[197],"rates":[198],"non-trivially.":[199],"employ":[201],"exhaustive":[203],"scenario":[204],"based":[205],"method":[206],"evaluating":[208],"importance":[215,236],"including":[217],"each":[218],"proposed":[221],"dataset.":[225],"also":[227],"analyze":[228],"try":[232],"explain":[234],"their":[235],"observed":[241],"trends":[242],"malicious":[247],"perform":[250],"feature":[251],"extraction":[252],"open":[255],"source":[256],"Limon":[257],"sandbox,":[258],"which":[259,282],"prior":[260],"tested":[266],"only":[267],"Ubuntu":[269,277],"14.":[270],"installed":[272],"configured":[274],"it":[275],"18,":[278],"documentation":[280],"shared":[285],"Github.":[287]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}