Feature evaluation for IoT botnet traffic classification
Online publication date: Mon, 25-Jul-2022
by Joffrey L. Leevy; Taghi M. Khoshgoftaar; John Hancock
International Journal of Internet of Things and Cyber-Assurance (IJITCA), Vol. 2, No. 1, 2022
Abstract: Researchers must often decide whether to use destination port as an input feature when building predictive models for intrusion detection systems. To evaluate this feature, we use the Bot-IoT dataset with three different sets of input features. The first and second sets of input features comprise all Bot-IoT features (26 variables) and all Bot-IoT features excluding destination port (25 variables), respectively, while the third includes destination port as the only feature. Our results show that classification models trained on the first (26 variables) and second (25 variables) sets of input features generally yield favourable results. We note that several destination port values are associated with disproportionate label distributions. Hence, it is possible, in some cases, that the classifiers have been trained to closely correlate specific attack types with specific values of destination port. To the best of our knowledge, this is the first Bot-IoT study based on the destination port feature.
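The concern the abstract raises, that a model may simply tie attack types to destination port values, can be checked before training. The following is an added example, not code from the paper or its authors: it lists ports whose label distribution is heavily skewed and measures how far a lookup on destination port alone gets on held-out flows. The flow records, label names, function names and thresholds are constructed assumptions, not Bot-IoT data.

```python
from collections import Counter, defaultdict

# Constructed (destination port, label) flows; not taken from Bot-IoT.
TRAIN = ([(80, "DoS")] * 40 + [(80, "Normal")] * 2 + [(53, "Normal")] * 10
         + [(53, "DDoS")] * 10 + [(23, "Reconnaissance")] * 15
         + [(443, "Normal")] * 3)
TEST = ([(80, "DoS")] * 9 + [(80, "Normal")] * 1 + [(53, "Normal")] * 3
        + [(53, "DDoS")] * 2 + [(23, "Reconnaissance")] * 4
        + [(8080, "Normal")] * 1)

def port_label_table(flows):
    """Map each destination port to a Counter of the labels seen on it."""
    table = defaultdict(Counter)
    for port, label in flows:
        table[port][label] += 1
    return table

def skewed_ports(flows, min_flows=5, purity_threshold=0.9):
    """Ports with enough flows where a single label dominates."""
    flagged = {}
    for port, counts in port_label_table(flows).items():
        total = sum(counts.values())
        label, top = counts.most_common(1)[0]
        if total >= min_flows and top / total >= purity_threshold:
            flagged[port] = (label, round(top / total, 3))
    return flagged

def port_only_accuracy(train, test):
    """Held-out accuracy of a lookup that uses destination port alone."""
    table = port_label_table(train)
    fallback = Counter(label for _, label in train).most_common(1)[0][0]
    hits = 0
    for port, label in test:
        # Unseen ports fall back to the most common training label.
        pred = table[port].most_common(1)[0][0] if port in table else fallback
        hits += pred == label
    return hits / len(test)

def majority_accuracy(train, test):
    """Baseline: always predict the most common training label."""
    fallback = Counter(label for _, label in train).most_common(1)[0][0]
    return sum(label == fallback for _, label in test) / len(test)

if __name__ == "__main__":
    print("skewed ports:", skewed_ports(TRAIN))
    print("port-only accuracy:", port_only_accuracy(TRAIN, TEST))
    print("majority baseline:", majority_accuracy(TRAIN, TEST))
```

A large gap between the port-only lookup and the majority baseline indicates that destination port by itself carries much of the label signal in the sample being evaluated.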