Back to Search
Start Over
Multilayer Framework for Botnet Detection Using Machine Learning Algorithms
- Source :
- IEEE Access, Vol 9, Pp 48753-48768 (2021), Digibug: Repositorio Institucional de la Universidad de Granada, Universidad de Granada (UGR), Digibug. Repositorio Institucional de la Universidad de Granada, instname
- Publication Year :
- 2021
- Publisher :
- Institute of Electrical and Electronics Engineers (IEEE), 2021.
-
Abstract
- The authors wish to thank Universiti Teknologi Malaysia (UTM) for its support under Research University Grant Vot- 20H04, Malaysia Research University Network (MRUN) Vot 4L876. The authors would like to acknowledge that this work was supported/funded by the Ministry of Higher Education under the Fundamental Research Grant Scheme (FRGS/1/2018/ICT04/UTM/01/1). The work was also partially supported by the Specific Research project (SPEV) at the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republic, under Grant 2102-2021. The authors are grateful for the support of student Sebastien Mambou in consultations regarding application aspects. The authors also wish to thank the Ministry of Education Malaysia for the Hadiah Latihan Persekutuan (HLP) scholarship to complete the research.<br />A botnet is a malware program that a hacker remotely controls called a botmaster. Botnet can perform massive cyber-attacks such as DDOS, SPAM, click-fraud, information, and identity stealing. The botnet also can avoid being detected by a security system. The traditional method of detecting botnets commonly used signature-based analysis unable to detect unseen botnets. The behavior-based analysis seems like a promising solution to the current trends of botnets that keep evolving. This paper proposes a multilayer framework for botnet detection using machine learning algorithms that consist of a ltering module and classi cation module to detect the botnet's command and control server. We highlighted several criteria for our framework, such as it must be structure-independent, protocol-independent, and able to detect botnet in encapsulated technique. We used behavior-based analysis through ow-based features that analyzed the packet header by aggregating it to a 1-s time. This type of analysis enables detection if the packet is encapsulated, such as using a VPN tunnel. We also extend the experiment using different time intervals, but a 1-s time interval shows the most impressive results. The result shows that our botnet detection method can detect up to 92% of the f-score, and the lowest false-negative rate was 1.5%.<br />Universiti Teknologi Malaysia (UTM) through the Research University Vot-20H04<br />Malaysia Research University Network (MRUN) Vot4L876<br />Ministry of Higher Education through the Fundamental Research Grant Scheme FRGS/1/2018/ICT04/UTM/01/1<br />Hadiah Latihan Persekutuan (HLP) Scholarship through the Ministry of Education Malaysia<br />Specific Research Project (SPEV) by the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republic
- Subjects :
- flow-based feature selection
Flow-based feature selection
K-nearest neighbor
General Computer Science
Computer science
Botnet
Denial-of-service attack
02 engineering and technology
Encryption
computer.software_genre
Machine learning
Behavior-based analysis
structure independent
Structure independent
Server
Header
0202 electrical engineering, electronic engineering, information engineering
Command and control
General Materials Science
botnet
business.industry
Network packet
ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS
k-nearest neighbor
General Engineering
020206 networking & telecommunications
ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS
Malware
020201 artificial intelligence & image processing
lcsh:Electrical engineering. Electronics. Nuclear engineering
Artificial intelligence
business
lcsh:TK1-9971
computer
Algorithm
Subjects
Details
- ISSN :
- 21693536
- Volume :
- 9
- Database :
- OpenAIRE
- Journal :
- IEEE Access
- Accession number :
- edsair.doi.dedup.....333d27eaf274be87e69b7f99df8c96dc
- Full Text :
- https://doi.org/10.1109/access.2021.3060778