3.2.1 Phase I: Analysis on previous research

Firstly, analysis on previous research phase is done in order to identify the specification made based on the previous research in building proper studies related to the topic of the project. The collection of data from trusted website such as Kaspersky Lab, MyCert and many more to get current analysis about the Internet of Things (IoT), IoT Issues and taxonomy botnets behavior. There are several important things to highlight such as botnets attacks, DDoS attack types, characteristics of botnets to arrange DDoS attacks, Mirai attacks, Hajime attacks and Machine Learning techniques. All of the domain involved in this project will be discovered first to get the main idea before the project is continued. All the architecture, framework, and structure of the domains will be discovered and the next step will be explained on phase two.

3.2.2 Phase II: Information Gathering

After all the domains had been discovered, few issues related to the vulnerabilities and threats due to the IoT botnets is identified. During this phase, data obtained is analyzed for categorization and observation before conclude to a certain hypothesis. The limitation of IoT devices’ features had made it easier for intruders to attack in the network, especially by using default username and password. A few attacks that is able to access devices is Mirai and Hajime botnets. The botnet is to establish a DDoS attack in the IoT devices. The DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The statistical machine learning techniques will be used in the project to make better decision for botnets detection.

3.2.3 Phase III: Methodology

During this phase, methodology is the guidelines to produce a sequence of flow to ensure that the project is on the track as in the timeline. This phase will be focusing on the IoT botnets attack that exploit in devices which may positively affect user behavior. In this project, machine learning techniques will be used to detect the IoT botnets easily. However, the current techniques are not efficient for the botnets detection.

3.2.4 Phase IV: Design and Implementation

This phase is usually the longest and most extensive part of the process. Starting from the specification of machine learning requirements that fulfill the users’ needs, continued with decision on suitable machine learning to be used. During the performance of requirement specifications, the data, functional and non-functional requirement is determined. The data requirement indicates what data is input to the system and what output does the techniques should produce.

3.2.5 Phase V: Analysis Result

During this phase, it will be analyzing the data obtained to measure the botnets behavior and also consequence of IoT botnets attack towards user experiences by examining on Linux Operating System. However, the analysis result makes plenty of sense. It explains all of the subproblem symptoms. Most important, the analysis result offers a new way forward that, if the root causes are anywhere close to correct, will work.
3.2.6 Phase VI: Testing and Evaluation

During the testing phase, it mainly focuses in order to define the quality of the expected output. Moreover, testing of the technique proves that the project meets all requirements and objectives, including those for efficiency and effectiveness. If the user evaluates the techniques and the user is not satisfied with it, the current techniques is refined according to the requirements and the additional information provided by user. This process is done continuously until the machine learning techniques is able to fulfill every requirement stated by the user.