IoT networks have become an increasingly valuable target for malicious attacks because of the growing amount of valuable user data they contain. In response, network intrusion detection systems have been developed to detect suspicious network activity. UNSW-NB15 is an IoT-based network traffic data set with different categories for normal activities and malicious attack behaviors. UNSW-NB15 botnet datasets with IoT sensors' data are used to obtain results showing that the proposed features have the potential to identify and classify normal and malicious activity. ML algorithms make it possible to develop a network forensic system, based on network flow identifiers and features, that can track suspicious botnet activity. The ML model metrics on the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets' attacks and their tracks.
Furthermore, the project was extended with a model for classifying UNSW-NB15 dataset samples, developed using a random forest and a feed-forward neural network. The system uses the random forest to classify data as normal or malicious. This information is then used to train a neural network that further classifies the attack data into different attack categories. The results for attack detection were very good, with approx. 0.88 precision for attacks and nearly 1.0 precision for normal data samples. Attack categorization had problems differentiating between attack classes and could mostly classify the attacks into only two different classes. However, it could accurately classify normal network data. Development ran into many problems common in machine learning. The large amount of data, lack of memory and imbalance between class sizes caused the most trouble. Unbalanced data in particular made it difficult to generalize across data classes.
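The two-stage arrangement described above, as an added example that is not the project's own code. It assumes scikit-learn (the page names no library), uses constructed synthetic flow features in place of UNSW-NB15 records, and assumes the neural network is trained on the training samples labelled as attacks.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import precision_score
from sklearn.model_selection import train_test_split
from sklearn.neural_network import MLPClassifier

def make_flows(seed=0):
    """Constructed stand-in for flow features; NOT real UNSW-NB15 records."""
    rng = np.random.default_rng(seed)
    # label -> (sample count, feature mean); sizes are deliberately unbalanced
    # and the two smallest attack classes overlap in feature space.
    spec = {"Normal": (3000, 0.0), "Generic": (600, 3.0),
            "Exploits": (300, 5.0), "Worms": (30, 5.5)}
    X = np.vstack([rng.normal(mu, 1.0, size=(n, 6)) for n, mu in spec.values()])
    y = np.repeat(list(spec), [n for n, _ in spec.values()])
    return X, y

def train_two_stage(X, y, seed=0):
    is_attack = y != "Normal"
    # Stage 1: random forest separates normal from malicious flows.
    detector = RandomForestClassifier(n_estimators=50, class_weight="balanced",
                                      random_state=seed).fit(X, is_attack)
    # Stage 2: feed-forward network sees attack samples only (assumption).
    categorizer = MLPClassifier(hidden_layer_sizes=(32,), max_iter=500,
                                random_state=seed).fit(X[is_attack], y[is_attack])
    return detector, categorizer

def predict_two_stage(detector, categorizer, X):
    flagged = detector.predict(X).astype(bool)
    labels = np.full(len(X), "Normal", dtype=categorizer.classes_.dtype)
    if flagged.any():  # only flows the forest flags reach the network
        labels[flagged] = categorizer.predict(X[flagged])
    return labels

def evaluate(seed=0):
    X, y = make_flows(seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    detector, categorizer = train_two_stage(X_tr, y_tr, seed)
    pred = predict_two_stage(detector, categorizer, X_te)
    names = sorted(set(y))
    # Per-class precision exposes what a single accuracy figure hides.
    scores = precision_score(y_te, pred, labels=names, average=None, zero_division=0)
    return dict(zip(names, scores))

if __name__ == "__main__":
    for name, p in evaluate().items():
        print(f"{name:10s} precision={p:.2f}")
```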