DOI: 10.1145/3314545.3314569
research-article

Machine Learning Algorithms on Botnet Traffic: Ensemble and Simple Algorithms

Published: 14 March 2019

Abstract

The authors introduce the Bronte machine learning evaluation study for consistent detection of malware, specifically honed for botnets. Machine learning algorithms are already being used to detect malware in dynamic environments. This evaluation utilizes a static measurement approach that could be implemented on edge network devices. It was generated from conversation-based network traffic. This study fully enumerated the network traffic features to allow various machine learning algorithms to build various training sets to deploy against dual test sets. Utilizing the Waikato Environment for Knowledge Analysis (WEKA) data mining and analysis tool, various algorithmic experiments were deployed against the modern and large CICIDS2017 dataset. This evaluation study aimed to push non-IP address features through a series of machine learning classifiers. The study was conducted differently and more methodically than other related studies by using three highly randomized training sets and two test data sets. The test sets differed in that one was a real-world-based 98.9 benign traffic set and one was 50/50 benign to bot traffic. The instance-based nearest neighbor and decision tree classifiers ranked highest using only the training sets; but the J48, an expanded ID3 decision tree classifier, clearly produced the highest predictions against both test sets.


      Published In

      ICCDA '19: Proceedings of the 2019 3rd International Conference on Compute and Data Analysis
      March 2019
      163 pages
      ISBN:9781450366342
      DOI:10.1145/3314545

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. Botnet
      2. intrusion detection
      3. machine learning

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      ICCDA 2019
