{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T10:23:05Z","timestamp":1770114185395,"version":"3.49.0"},"reference-count":26,"publisher":"SAGE Publications","issue":"6","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IFS"],"published-print":{"date-parts":[[2021,12,16]]},"abstract":"Over the last decade, due to exponential growth in IoT devices and weak security mechanisms, the IoT is now facing more security challenges than ever before, especially botnet malware. There are many security solutions in detecting botnet malware on IoT devices. However, detecting IoT botnet malware, particularly multi-architecture botnets, is challenging. This paper proposes a graphically structured feature extraction mechanism integrated with reinforcement learning techniques in multi-architecture IoT botnet detection. We then evaluate the proposed approach using a dataset of 22849 samples, including actual IoT botnet malware, and achieve a detection rate of 98.03 with low time consumption. The proposed approach also achieves reliable results in detecting the new IoT botnet (has a new architecture-processor) not appearing in the training dataset at 96.69. To promote future research in the field, we share relevant datasets and source code.<\/jats:p>","DOI":"10.3233\/jifs-210699","type":"journal-article","created":{"date-parts":[[2021,8,31]],"date-time":"2021-08-31T14:17:31Z","timestamp":1630419451000},"page":"6801-6814","source":"Crossref","is-referenced-by-count":2,"title":["Towards effectively feature graph-based IoT botnet detection via reinforcement learning"],"prefix":"10.1177","volume":"41","author":[{"given":"Quoc-Dung","family":"Ngo","sequence":"first","affiliation":[{"name":"Posts and Telecommunications Institute of Technology, Hanoi, Vietnam"}]},{"given":"Huy-Trung","family":"Nguyen","sequence":"additional","affiliation":[{"name":"People\u2019s Security Academy, Hanoi, Vietnam"}]},{"given":"Le-Cuong","family":"Nguyen","sequence":"additional","affiliation":[{"name":"Electric Power University, Hanoi, Vietnam"}]}],"member":"179","reference":[{"issue":"5","key":"10.3233\/JIFS-210699_ref3","doi-asserted-by":"crossref","first-page":"5809","DOI":"10.3233\/JIFS-179162","article-title":"The application research of application decision model based on internet of things in enterprise supply chain management","volume":"37","author":"Chen","year":"2019","journal-title":"Journal of Intelligent & Fuzzy Systems"},{"issue":"1","key":"10.3233\/JIFS-210699_ref8","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MCOM.2017.1600363CM","article-title":"Security and privacy for cloud-based IoT: Challenges","volume":"55","author":"Zhou","year":"2017","journal-title":"IEEE Communications Magazine"},{"issue":"4","key":"10.3233\/JIFS-210699_ref9","doi-asserted-by":"crossref","first-page":"1996","DOI":"10.1109\/COMST.2014.2320099","article-title":"Machine learning in wireless sensor networks: Algorithms, strategies, and applications","volume":"16","author":"Alsheikh","year":"2014","journal-title":"IEEE Communications Surveys & Tutorials"},{"issue":"1","key":"10.3233\/JIFS-210699_ref10","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1109\/SURV.2013.050113.00191","article-title":"A survey of intrusion detection systems in wireless sensor networks","volume":"16","author":"Butun","year":"2013","journal-title":"IEEE Communications Surveys & Tutorials"},{"issue":"6245","key":"10.3233\/JIFS-210699_ref11","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1126\/science.aaa8415","article-title":"Machine learning: Trends, perspectives, and prospects","volume":"349","author":"Jordan","year":"2015","journal-title":"Science"},{"key":"10.3233\/JIFS-210699_ref12","doi-asserted-by":"crossref","first-page":"102630","DOI":"10.1016\/j.jnca.2020.102630","article-title":"Machine learning based solutions for security of Internet of Things (IoT): A survey","volume":"161","author":"Tahsien","year":"2020","journal-title":"Journal of Network and Computer Applications"},{"issue":"3","key":"10.3233\/JIFS-210699_ref13","doi-asserted-by":"crossref","first-page":"1686","DOI":"10.1109\/COMST.2020.2986444","article-title":"Machine learning in IoT security: Current solutions and future challenges","volume":"22","author":"Hussain","year":"2020","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"10.3233\/JIFS-210699_ref15","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Computers & Security"},{"issue":"2","key":"10.3233\/JIFS-210699_ref16","doi-asserted-by":"crossref","first-page":"35","DOI":"10.4018\/IJDAI.2020070103","article-title":"Reinforcement Learning\u2019s Contribution to the Cyber Security of Distributed Systems: Systematization of Knowledge","volume":"12","author":"Feltus","year":"2020","journal-title":"In International Journal of Distributed Artificial Intelligence"},{"issue":"4","key":"10.3233\/JIFS-210699_ref20","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1016\/j.icte.2020.04.005","article-title":"A survey of IoT malware and detection methods based on static features","volume":"6","author":"Ngo","year":"2020","journal-title":"ICT Express"},{"issue":"5","key":"10.3233\/JIFS-210699_ref21","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1007\/s10207-019-00475-6","article-title":"A novel graph-based approach for IoT botnet detection","volume":"19","author":"Nguyen","year":"2020","journal-title":"International Journal of Information Security"},{"issue":"2","key":"10.3233\/JIFS-210699_ref22","doi-asserted-by":"crossref","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","article-title":"Classification of malware based on integrated static and dynamic features","volume":"36","author":"Islam","year":"2013","journal-title":"Journal of Network and Computer Applications"},{"issue":"5","key":"10.3233\/JIFS-210699_ref24","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/MSP.2018.2825478","article-title":"IoT security techniques based on machine learning: How do IoT devices use AI to enhance security?","volume":"35","author":"Xiao","year":"2018","journal-title":"IEEE Signal Processing Magazine"},{"issue":"3","key":"10.3233\/JIFS-210699_ref25","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s11416-008-0084-2","article-title":"Code obfuscation techniques for metamorphic viruses","volume":"4","author":"Borello","year":"2008","journal-title":"Journal in Computer Virology"},{"issue":"1","key":"10.3233\/JIFS-210699_ref26","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s13673-018-0125-x","article-title":"A state-of-the-art survey of malware detection approaches using data mining techniques","volume":"8","author":"Souri","year":"2018","journal-title":"Human-centric Computing and Information Sciences"},{"issue":"3","key":"10.3233\/JIFS-210699_ref27","doi-asserted-by":"crossref","first-page":"410","DOI":"10.3390\/sym12030410","volume":"12","author":"Truong","year":"2020","journal-title":"Symmetry"},{"key":"10.3233\/JIFS-210699_ref28","doi-asserted-by":"crossref","first-page":"35365","DOI":"10.1109\/ACCESS.2018.2836950","article-title":"Machine learning and deep learning methods for cybersecurity","volume":"6","author":"Xin","year":"2018","journal-title":"IEEE Access"},{"issue":"10","key":"10.3233\/JIFS-210699_ref29","doi-asserted-by":"crossref","first-page":"2742","DOI":"10.1109\/TMC.2017.2687918","article-title":"Cloud-based malware detection game for mobile devices with offloading","volume":"16","author":"Xiao","year":"2017","journal-title":"IEEE Transactions on Mobile Computing"},{"issue":"4","key":"10.3233\/JIFS-210699_ref30","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1504\/IJDMMM.2018.095372","article-title":"A new method for behavioural-based malware detection using reinforcement learning","volume":"10","author":"Mohammadkhani","year":"2018","journal-title":"International Journal of Data Mining, Modelling and Management"},{"key":"10.3233\/JIFS-210699_ref31","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1016\/j.engappai.2015.05.008","article-title":"Dynamic VSA: a framework for malware detection based on register contents","volume":"44","author":"Ghiasi","year":"2015","journal-title":"Engineering Applications of Artificial Intelligence"},{"key":"10.3233\/JIFS-210699_ref32","doi-asserted-by":"crossref","first-page":"176177","DOI":"10.1109\/ACCESS.2019.2957429","article-title":"Feature selection for malware detection based on reinforcement learning","volume":"7","author":"Fang","year":"2019","journal-title":"IEEE Access"},{"key":"10.3233\/JIFS-210699_ref34","doi-asserted-by":"crossref","first-page":"102479","DOI":"10.1016\/j.jnca.2019.102479","article-title":"An efficient reinforcement learning-based Botnet detection approach","volume":"150","author":"Alauthman","year":"2020","journal-title":"Journal of Network and Computer Applications"},{"issue":"2","key":"10.3233\/JIFS-210699_ref36","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1016\/j.icte.2019.12.001","article-title":"PSI-rooted subgraph: A novel feature for IoT botnet detection using classifier algorithms","volume":"6","author":"Nguyen","year":"2020","journal-title":"ICT Express"},{"key":"10.3233\/JIFS-210699_ref37","first-page":"2613","article-title":"Double Q-learning","volume":"23","author":"Hasselt","year":"2010","journal-title":"Advances in neural information processing systems"},{"issue":"3","key":"10.3233\/JIFS-210699_ref38","doi-asserted-by":"crossref","first-page":"522","DOI":"10.2197\/ipsjjip.24.522","article-title":"IoTPOT: A novel honeypot for revealing current IoT threats","volume":"24","author":"Pa","year":"2016","journal-title":"Journal of Information Processing"},{"key":"10.3233\/JIFS-210699_ref39","unstructured":"VirusShare.com - Because Sharing is Caring, https:\/virusshare.com (Accessed on Jan 2021)."}],"container-title":["Journal of Intelligent & Fuzzy Systems"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JIFS-210699","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T00:49:29Z","timestamp":1769993369000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/JIFS-210699"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,16]]},"references-count":26,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.3233\/jifs-210699","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,12,16]]}}}