Mirai Botnet Multi-Class Attack Detection Through Machine Learning and Feature Selection

Authors

  • Hayelom Gebrye: 1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China; 2. Information Technology, Raya University, Maychew P.O. Box 92, Ethiopia; https://orcid.org/0000-0002-9809-1128
  • Yong Wang: School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
  • Fagen Li: School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China

DOI:

https://doi.org/10.37256/cnc.4120268552

Keywords:

Boruta algorithm, Internet of Things (IoT) network, Machine Learning (ML), Mirai botnet, multi-class classification

Abstract

Machine Learning (ML), which provides timely insights for efficient threat identification and prevention, has become a crucial cybersecurity technology. However, the growing number of features in modern datasets increases both processing complexity and computational cost. By concentrating on feature selection and extraction techniques, this study seeks to improve the efficacy of Mirai botnet analysis. Our earlier work presented a data extraction approach that transforms Internet of Things (IoT) network attack datasets (in Packet Capture (PCAP) format) into flow-driven attributes (in Comma-Separated Values (CSV) format). The obtained and labeled features of the Mirai-based multi-class IoT botnet dataset provide a unique framework for effectively developing, assessing, and analyzing Mirai botnet attacks in IoT networks. In this study, experiments were conducted using the extended Mirai-based multi-class dataset and the widely used Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) dataset for comparison. The results of both experiments demonstrate that Random Forest Feature Importance (RFFI) outperforms the Boruta feature selection algorithm. Furthermore, the random forest and decision tree models achieved superior performance in all tests, attaining 100% accuracy in the first experiment using the extended dataset. These findings highlight the importance of selecting relevant features, rather than using all available attributes, to enhance detection performance and computational efficiency.

Published

2026-01-04

How to Cite

[1]
H. Gebrye, Y. Wang, and F. Li, “Mirai Botnet Multi-Class Attack Detection Through Machine Learning and Feature Selection”, Comput. Networks Commun., vol. 4, no. 1, pp. 1–28, Jan. 2026.