CFP last date
20 January 2025
Reseach Article

Efficient Botnet Detection using Feature Ranking and Hyperparameter Tuning

by Meshal Farhan AL-Anazi, Mostafa G. M. Mostafa
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 182 - Number 48
Year of Publication: 2019
Authors: Meshal Farhan AL-Anazi, Mostafa G. M. Mostafa
10.5120/ijca2019918739

Meshal Farhan AL-Anazi, Mostafa G. M. Mostafa . Efficient Botnet Detection using Feature Ranking and Hyperparameter Tuning. International Journal of Computer Applications. 182, 48 ( Apr 2019), 55-60. DOI=10.5120/ijca2019918739

@article{ 10.5120/ijca2019918739,
author = { Meshal Farhan AL-Anazi, Mostafa G. M. Mostafa },
title = { Efficient Botnet Detection using Feature Ranking and Hyperparameter Tuning },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2019 },
volume = { 182 },
number = { 48 },
month = { Apr },
year = { 2019 },
issn = { 0975-8887 },
pages = { 55-60 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume182/number48/30522-2019918739/ },
doi = { 10.5120/ijca2019918739 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:14:42.682454+05:30
%A Meshal Farhan AL-Anazi
%A Mostafa G. M. Mostafa
%T Efficient Botnet Detection using Feature Ranking and Hyperparameter Tuning
%J International Journal of Computer Applications
%@ 0975-8887
%V 182
%N 48
%P 55-60
%D 2019
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Botnet is considered a multifunctional malware. It can be leveraged by criminals to launch variety of malware attacks such as click fraud, DDOS, spam, etc. Moreover, the botnets pretend the normal traffic by leveraging common protocols such as IRC, HTTP, DNS and P2P for command control. Therefore, distinguishing botnet behavior is challenging because it has similarities with normal protocols behaviors. Most of previous researches focus on detecting specific type of botnet. Moreover, they rely on limited number of features. In addition, they do not select the optimal model by tuning the hyperparameters of machine learning algorithms. In this paper we use a recent dataset that containing a diverse set of botnet traces and wider flow features. We select the relevant features using several ranking algorithms. Eventually, the optimal models are selected by tuning the hyperparameters of machine learning algorithms.

References
  1. "Intrenet security threat report," symantec, April 2016. [Online]. Available: https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf. [Accessed 23 December 2018].
  2. D. Cid, "Large CCTV Botnet Leveraged in DDoS Attacks," June 2016. [Online]. Available: https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html. [Accessed 23 Dec 2018].
  3. Z. Athichart Tangpong, ""Botnet Detection Through Fine Flow Classification," in The Pennsylvania State University, Technical Report CSE11-001, 2011.
  4. J. Stevanovic, "On the use of machine learning for identifying botnet network traffic," Journal of Cyber Security and Mobility, vol. 4, pp. 1-32, 2016.
  5. Z. Chao Li, "Botnet: Survey and Case Study," in Fourth International Conference on Innovative Computing, Information and Control, 2009.
  6. D. Zhao, "Botnet detection based on traffic behavior analysis and flow intervals," Computers & Security, vol. 39, p. 2–16, 2013.
  7. S. Carl Livadas, "Using Machine Learning Techniques to Identify Botnet Traffic," in 31st IEEE Conference on Local Computer Networks, 2006.
  8. C. Strayer W.T., "Botnet Detection Based on Network Behavior," in Botnet Detection Countering the Largest Security Threat, vol. 36, Boston, MA, Springer, 2008.
  9. H. Sherif Saad, "Detecting P2P Botnets through Network Behavior Analysis and Machine Learning," in Ninth Annual International Conference on Privacy, Security and Trust, 2011.
  10. H. Mohammad Alauthaman, "A P2P Botnet detection scheme based on decision tree and adaptive multilayer neural networks," Springerlink, 2016. [Online]. Available: Springerlink.com. [Accessed 2018].
  11. H. Fariba Haddadi, "On Botnet Behaviour Analysis using GP and C4.5," in Annual Conference on Genetic and Evolutionary Computation, Vancouver, BC, Canada , 2014.
  12. R. Sandeep Yadav, "Detecting Algorithmically Generated Malicious Domain Names," in 10th ACM SIGCOMM conference on Internet measurement, Melbourne, Australia, 2010.
  13. F. Haddadi, J. Morgan, E. G. Filho and A. N. Zincir-Heywood, "Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers," in 28th International Conference on Advanced Information Networking and Applications Workshops, Victoria, BC, Canada, 2014.
  14. R. irubavathi Venkatesh G., "HTTP Botnet Detection Using Adaptive Learning Rate Multilayer Feed-Forward Neural Network," Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems pp, pp. 38-48, 2012.
  15. N. Zincir-Heywood, "Data Confirmation for Botnet Traffic Analysis," in Lecture Notes in Computer Science, Springer, Cham, 2015.
  16. W. Chunyong Yin, "Botnet Detection Based on Genetic Neural Network," International Journal of Security and Its Applications, vol. 9, pp. 97-104, 2015.
  17. C. Hota, "Real-time Peer-to-Peer Botnet Detection Framework based on Bayesian Regularized Neural Network," CoRR, vol. abs/1307.7464, 2013.
  18. M. R. P. A. Lakshya Mathur, "Botnet Detection via mining of network traffic flow," International Conference on Computational Intelligence and Data Science (ICCIDS 2018), p. 1668–1677, 2018.
  19. E. B. Beigi, H. H. Jazi, N. Stakhanova and A. A. Ghorbani, "Towards effective feature selection in machine learning-based botnet detection approaches," in IEEE Conference on Communications and Network Security, San Francisco, CA, USA, 2014.
  20. F. V. Alejandre, N. C. Cortés and E. A. Anaya, "Feature selection to detect botnets using machine learning algorithms," in International Conference on Electronics, Communications and Computers (CONIELECOMP), Cholula, Mexico, 2017.
  21. H. Pratik Narang, "Feature selection for detection of peer-to-peer botnet traffic," in Compute '13 Proceedings of the 6th ACM India Computing Convention, Vellore, Tamil Nadu, India, 2013.
  22. A. E. Isabelle Guyon, "An Introduction to Variable and Feature Selection," Journal of Machine Learning Research, vol. 3, pp. 1157-1182, 2003.
  23. V. M. Sebastian Raschka, Python Machine Learning Second Edition, Birmingham: Packt Publishing Ltd, 2017.
  24. Aly M. El-Semary, Mostafa G. M. Mostafa. “Distributed and Scalable Intrusion Detection System Based on Agents and Intelligent Techniques,” the Journal of Information Processing Systems. Vol. 6, No.4, 481, 2010.
  25. H. Daumé, A Course in Machine Learning, http://ciml.info, 2012.
  26. "Network Traffic Flow Analyzer," 10 Jan 2019. [Online]. Available: http://www.netflowmeter.ca/netflowmeter.html.
Index Terms

Computer Science
Information Sciences

Keywords

Botnet Hyperparameter Tuning Random Search