The Internet of Things (IoT) is emerging in full force and anyone could be trouble if they are not prepared to protect their networks. Everything is become internet-enables. The internet-connected with the smart devices and machines can create vulnerabilities within organization. Many IoT devices that are currently in use have lax or no security capabilities making it is easy to compromise and easy target for hackers to breach the critical information. As technology evolved, hackers building more sophisticated IoT botnets to do illicit purposes in IoT devices. Todays, hackers targeting organizations across all sectors but healthcare sectors have more at stake because their services are so central to people’s lives. In order the reliance on so many IoT devices, hacker exploit IoT devices to create powerful botnets attack and make difficulties to healthcare organizations defend against menaces. Yet, none of previous research use graph analytics theory model to mitigate the IoT botnets in healthcare sectors.

Therefore, this research attempted to get the parameter from raw infection codes using a reverse engineering approach as well as addressing the real behaviours of IoT botnets. The main objective of the research was to develop a new model in detecting IoT botnets using graph analytics theory model with analysing the selection of influence feature factor. Two main steps were needed in this research. Firstly was to analyse the behaviour of IoT botnets using reverse engineering approach by distinguish the IoT botnets activities from raw infection codes. Secondly was to develop the new graph analytics theory model for detecting IoT botnets attack. The expected output of this research was a scheme that is able to remove and quarantine the suspicious codes as well as able to detect the behaviour changes in the IoT devices due to influence feature factor that is embedded inside the approach. The model also can be used for security tool community who want to get and discover the real behaviors of IoT botnets from the raw infection codes that exists in particular IoT devices and machines.