Detection of Malware Activity on the Internet of Things Using the Decision Tree and Random Forest Algorithms
DOI: https://doi.org/10.30865/klik.v4i6.1903
Keywords: Internet of Things (IoT); Malware; Machine Learning; Decision Tree; Random Forest
Abstract
The Internet of Things (IoT) has become an integral part of modern life, connecting smart devices to enhance efficiency and convenience. However, with the increased adoption of IoT, cybersecurity threats, particularly malware, have also risen. This research focuses on detecting malware attacks in IoT networks using machine learning algorithms, specifically Decision Tree and Random Forest. The dataset used is CICIoT2023, which includes various types of IoT network traffic such as BenignTraffic, Mirai-greeth_flood, Mirai-greip_flood, and Backdoor_Malware. In this study, both algorithms demonstrated exceptionally high accuracy on the training data, reaching 100%, and on the test data, achieving 99.94% accuracy for the Random Forest algorithm and 99.90% for the Decision Tree algorithm. Although the performance of both algorithms on the training data was almost identical, Random Forest showed better performance in detecting the Backdoor_Malware class compared to Decision Tree when using test data. Random Forest achieved a precision of 99%, recall of 64%, and F1-Score of 78%, while Decision Tree achieved a precision of 71%, recall of 72%, and F1-Score of 72%. Results from 10-fold cross-validation indicate that the models did not experience overfitting, suggesting reliable and well-generalized models. This research provides insights that the Random Forest algorithm is more effective in detecting malware attacks in IoT networks compared to Decision Tree, particularly in identifying the Backdoor_Malware class. These findings are expected to contribute to the development of more efficient and reliable malware detection systems for IoT networks.
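The abstract reports near-perfect test accuracy alongside only 64% recall for Random Forest on Backdoor_Malware. The following added example (not code or data from the paper) shows how both can hold at once under class imbalance. The confusion counts are constructed so that the ratios resemble the reported Random Forest figures; they are not the paper's confusion matrix, and the function names are illustrative.

```python
from collections import Counter

CLASSES = ["BenignTraffic", "Mirai-greeth_flood", "Mirai-greip_flood", "Backdoor_Malware"]

# Constructed confusion counts keyed by (true_label, predicted_label).
# Chosen for illustration only: the rare Backdoor_Malware class has 200 flows
# out of 121,700, so its errors barely move overall accuracy.
CONFUSION = Counter({
    ("BenignTraffic", "BenignTraffic"): 39999,
    ("BenignTraffic", "Backdoor_Malware"): 1,
    ("Mirai-greeth_flood", "Mirai-greeth_flood"): 45000,
    ("Mirai-greip_flood", "Mirai-greip_flood"): 36500,
    ("Backdoor_Malware", "Backdoor_Malware"): 128,
    ("Backdoor_Malware", "BenignTraffic"): 72,
})

def accuracy(cm):
    """Fraction of all flows whose predicted label equals the true label."""
    total = sum(cm.values())
    correct = sum(n for (t, p), n in cm.items() if t == p)
    return correct / total

def class_report(cm, label):
    """One-vs-rest precision, recall, F1 and missed-flow count for one class."""
    tp = cm[(label, label)]
    fp = sum(n for (t, p), n in cm.items() if p == label and t != label)
    fn = sum(n for (t, p), n in cm.items() if t == label and p != label)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"precision": precision, "recall": recall, "f1": f1, "missed": fn}

def macro_recall(cm, classes):
    """Unweighted mean of per-class recall; every class counts equally."""
    return sum(class_report(cm, c)["recall"] for c in classes) / len(classes)

if __name__ == "__main__":
    print(f"accuracy     = {accuracy(CONFUSION):.4f}")
    print(f"macro recall = {macro_recall(CONFUSION, CLASSES):.4f}")
    for c in CLASSES:
        r = class_report(CONFUSION, c)
        print(f"{c:20s} P={r['precision']:.2f} R={r['recall']:.2f} "
              f"F1={r['f1']:.2f} missed={r['missed']}")
```

With these counts, 72 of 200 backdoor flows go undetected while overall accuracy stays at 99.94%, which is why per-class recall (or macro recall) is the figure to watch when the malicious class is rare.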
Copyright (c) 2024 M. Agus Syamsul Arifin, Andri Anto Tri Susilo, Susanto Susanto, A. Taqwa Martadinata, Budi Santoso
This work is licensed under a Creative Commons Attribution 4.0 International License.