Back to Search Start Over

Multilayer Framework for Botnet Detection Using Machine Learning Algorithms

Authors :
Rubén González Crespo
Hamido Fujita
Wan Nur Hidayah Ibrahim
Ondrej Krejcar
Ali Selamat
Syahid Anuar
Enrique Herrera-Viedma
Source :
IEEE Access, Vol 9, Pp 48753-48768 (2021), Digibug: Repositorio Institucional de la Universidad de Granada, Universidad de Granada (UGR), Digibug. Repositorio Institucional de la Universidad de Granada, instname
Publication Year :
2021
Publisher :
Institute of Electrical and Electronics Engineers (IEEE), 2021.

Abstract

The authors wish to thank Universiti Teknologi Malaysia (UTM) for its support under Research University Grant Vot- 20H04, Malaysia Research University Network (MRUN) Vot 4L876. The authors would like to acknowledge that this work was supported/funded by the Ministry of Higher Education under the Fundamental Research Grant Scheme (FRGS/1/2018/ICT04/UTM/01/1). The work was also partially supported by the Specific Research project (SPEV) at the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republic, under Grant 2102-2021. The authors are grateful for the support of student Sebastien Mambou in consultations regarding application aspects. The authors also wish to thank the Ministry of Education Malaysia for the Hadiah Latihan Persekutuan (HLP) scholarship to complete the research.<br />A botnet is a malware program that a hacker remotely controls called a botmaster. Botnet can perform massive cyber-attacks such as DDOS, SPAM, click-fraud, information, and identity stealing. The botnet also can avoid being detected by a security system. The traditional method of detecting botnets commonly used signature-based analysis unable to detect unseen botnets. The behavior-based analysis seems like a promising solution to the current trends of botnets that keep evolving. This paper proposes a multilayer framework for botnet detection using machine learning algorithms that consist of a ltering module and classi cation module to detect the botnet's command and control server. We highlighted several criteria for our framework, such as it must be structure-independent, protocol-independent, and able to detect botnet in encapsulated technique. We used behavior-based analysis through ow-based features that analyzed the packet header by aggregating it to a 1-s time. This type of analysis enables detection if the packet is encapsulated, such as using a VPN tunnel. We also extend the experiment using different time intervals, but a 1-s time interval shows the most impressive results. The result shows that our botnet detection method can detect up to 92% of the f-score, and the lowest false-negative rate was 1.5%.<br />Universiti Teknologi Malaysia (UTM) through the Research University Vot-20H04<br />Malaysia Research University Network (MRUN) Vot4L876<br />Ministry of Higher Education through the Fundamental Research Grant Scheme FRGS/1/2018/ICT04/UTM/01/1<br />Hadiah Latihan Persekutuan (HLP) Scholarship through the Ministry of Education Malaysia<br />Specific Research Project (SPEV) by the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republic

Details

ISSN :
21693536
Volume :
9
Database :
OpenAIRE
Journal :
IEEE Access
Accession number :
edsair.doi.dedup.....333d27eaf274be87e69b7f99df8c96dc
Full Text :
https://doi.org/10.1109/access.2021.3060778