Zero-Day Botnet Attack Detection in IoV: A Modular Approach Using Isolation Forests and Particle Swarm Optimization
Abdelaziz Amara Korba, Nour Elislem Karabadji, Yacine Ghamri-Doudane
TL;DR
The paper addresses zero-day botnet threats in IoV by deploying an edge-based IDS on MEC servers that monitors traffic to and from CAVs. It introduces a modular meta-ensemble of Isolation Forests, each trained for a specific attack type, and optimizes their combination with Particle Swarm Optimization to detect both known and unseen attacks. The approach demonstrates strong N-day detection and substantial zero-day gains on a vehicular botnet dataset, highlighting edge deployment, scalability, and adaptability to evolving threats. This work offers a practical defense for IoV ecosystems by leveraging edge resources and continual learning to maintain robust botnet detection at the network edge.
Abstract
The Internet of Vehicles (IoV) is transforming transportation by enhancing connectivity and enabling autonomous driving. However, this increased interconnectivity introduces new security vulnerabilities. Bot malware and cyberattacks pose significant risks to Connected and Autonomous Vehicles (CAVs), as demonstrated by real-world incidents involving remote vehicle system compromise. To address these challenges, we propose an edge-based Intrusion Detection System (IDS) that monitors network traffic to and from CAVs. Our detection model is based on a meta-ensemble classifier capable of recognizing known (N-day) attacks and detecting previously unseen (zero-day) attacks. The approach involves training multiple Isolation Forest (IF) models on Multi-access Edge Computing (MEC) servers, with each IF specialized in identifying a specific type of botnet attack. These IFs, either trained locally or shared by other MEC nodes, are then aggregated using a Particle Swarm Optimization (PSO) based stacking strategy to construct a robust meta-classifier. The proposed IDS has been evaluated on a vehicular botnet dataset, achieving an average detection rate of 92.80% for N-day attacks and 77.32% for zero-day attacks. These results highlight the effectiveness of our solution in detecting both known and emerging threats, providing a scalable and adaptive defense mechanism for CAVs within the IoV ecosystem.
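The PSO-based stacking step described in the abstract, as an added illustration that is not the authors' code: it takes the per-flow anomaly scores of K base detectors (one per known attack type) and lets a particle swarm search the weights and decision threshold of the meta-classifier. The Isolation Forest scores themselves are replaced by constructed random scores with the assumed shape (a type-k attack raises detector k, an unseen type raises several detectors only moderately); the fitness function, PSO constants and the `flow`/`dataset` helpers are likewise assumptions, not the paper's.

```python
import random
random.seed(1)  # fixed seed: the constructed scores and the PSO run are reproducible

# Constructed input: K = 3 base detectors (one Isolation Forest per known attack type), each
# emitting an anomaly score in [0, 1] per flow. Type-k attack flows score high on detector k only,
# benign flows score low everywhere, and "zero-day" flows (a type no detector was trained on)
# raise only moderate scores spread across several detectors.
K = 3

def flow(label):
    if label == "benign":
        return [random.uniform(0.05, 0.45) for _ in range(K)]
    if label == "zero-day":
        return [random.uniform(0.35, 0.60) for _ in range(K)]
    k = int(label[-1])  # "attack0" .. "attack2"
    return [random.uniform(0.60, 0.95) if j == k else random.uniform(0.05, 0.50) for j in range(K)]

def dataset(n):  # n flows per class: benign plus each of the K known attack types
    labels = ["benign"] * n + [f"attack{k}" for k in range(K) for _ in range(n)]
    return [flow(l) for l in labels], [0 if l == "benign" else 1 for l in labels]

def predict(row, p):  # particle p = [w_0 .. w_{K-1}, threshold]; attack if weighted score > threshold
    return sum(w * s for w, s in zip(p[:K], row)) > p[K]

def balanced_acc(S, y, p):  # PSO fitness: mean of true-positive and true-negative rate
    pred = [predict(row, p) for row in S]
    tpr = sum(1 for a, b in zip(pred, y) if a and b) / sum(y)
    tnr = sum(1 for a, b in zip(pred, y) if not a and not b) / (len(y) - sum(y))
    return (tpr + tnr) / 2

def pso_stack(S, y, swarm=20, iters=50, inertia=0.7, c1=1.5, c2=1.5):
    """PSO-based stacking: search weights + threshold maximising balanced accuracy on S.
    Particle 0 starts at the equal-weight baseline, so the result is never worse than it."""
    pos = [[1 / K] * K + [0.4]] + [[random.random() for _ in range(K + 1)] for _ in range(swarm - 1)]
    vel = [[0.0] * (K + 1) for _ in range(swarm)]
    pbest, pfit = [p[:] for p in pos], [balanced_acc(S, y, p) for p in pos]
    gbest, gfit = max(zip(pbest, pfit), key=lambda t: t[1])
    for _ in range(iters):
        for i in range(swarm):
            for d in range(K + 1):
                vel[i][d] = (inertia * vel[i][d] + c1 * random.random() * (pbest[i][d] - pos[i][d])
                             + c2 * random.random() * (gbest[d] - pos[i][d]))
                pos[i][d] = min(1.0, max(0.0, pos[i][d] + vel[i][d]))  # clamp to [0, 1]
            f = balanced_acc(S, y, pos[i])
            if f > pfit[i]:
                pbest[i], pfit[i] = pos[i][:], f
            if f > gfit:
                gbest, gfit = pos[i][:], f
    return gbest, gfit
```

Applying the returned particle with `predict` to flows of a type absent from training gives the zero-day detection rate the paper reports separately from the N-day rate.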
