Machine Learning for Malware Botnet Detection in IoT Devices
Abstract:
Cyber threats against the Department of Defense (DOD) and the greater U.S. public create an ever-increasing security challenge. Advances in information technology provide new capabilities and benefits but also new vulnerabilities. Today, the internet of things (IoT) is almost everywhere. Homes, businesses, and government organizations continue to add internet-connected devices for increased productivity and convenience. Military IoT devices provide traditional computing as well as sensors built for specific functional purposes. The DOD will increasingly depend upon a diverse range of IoT devices to gain information dominance over its adversaries. In real time, IoT technology can provide entity-level maintenance, logistics, and intelligence data that has the potential to enable command and control decisions with greater confidence and speed. However, IoT devices are vulnerable to attack by malware, which has proven to be a network security concern. There have been many high-profile attacks, such as the Mirai botnet and the SolarWinds breaches, that demonstrate IoT vulnerabilities. Advances in machine learning offer potential solutions for detecting the evolving nature of cyber intrusions on internet networks. This thesis examines approaches to detecting malware-infected devices using machine learning and labeled IoT network flow data. It also seeks to determine whether supervised machine-learning models provide generalizable solutions for malware detection on new networks and IoT devices.