Identification of Mirai Botnet in IoT Environment through Denial-of-Service Attacks for Early Warning System

The development of computing technology in increasing the accessibility and agility of daily activities currently uses the Internet of Things (IoT). Over time, the increasing number of IoT device users impacts access and delivery of valuable data. This is the primary goal of cybercriminals to operate malicious software. In addition to the positive impact of using technology, it is also a negative impact that creates new problems in security attacks and cybercrimes. One of the most dangerous cyberattacks in the IoT environment is the Mirai botnet malware. The malware turns the user's device into a botnet to carry out Distributed Denial of Service (DDoS) attacks on other devices, which is undoubtedly very dangerous. Therefore, this study proposes a k-nearest neighbor algorithm to classify Mirai malware-type DDOS attacks on IoT device environments. The malware classification process was carried out using rapid miner machine learning by conducting four experiments using SYN, ACK, UDP, and UDPlain attack types. The classification results from selecting five parameters with the highest activity when the device is attacked. In order for these five parameters to be a reference in the event of a malware attack starting in the IoT environment, the results of the classification have implications for further research. In the future, it can be used as a reference in making an early warning innovative system as an early warning in the event of a Mirai botnet attack.