
Robust Early Stage Botnet Detection using Machine Learning

EasyChair Preprint 3569

5 pages. Date: June 7, 2020

Abstract

Among the different types of malware, botnets are emerging as the most serious threat to cybersecurity because they provide a platform for criminal operations such as launching distributed denial of service (DDoS) attacks against targets, malware distribution, phishing, click fraud, and identity theft. Existing botnet detection techniques work only on specific botnet command and control (C&C) protocols and do not provide early botnet detection. In this paper, we propose an approach for the early-stage detection of botnets. Our approach first selects the optimal features using PCA (Principal Component Analysis) and Information Gain (IG) feature selection and then feeds these features into machine learning methods to evaluate the performance of our proposed technique. Our approach efficiently distinguishes malicious traffic from normal traffic. Our approach achieves an accuracy of 99%, TPR of 0.99%, and FPR of 0.007% in comparison with the existing approach.

Keyphrases: Botnet, Botnet Detection, C&C (Command and Control Channel), Cyber Security, Detection technique, Distributed denial of service (DDOS) attacks, Information Gain, PCA, Principal Component Analysis, Random Forest, cyber attack, early stage, important feature, machine learning, machine learning technique, network traffic

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:3569,
  author    = {Ali Muhammad and Muhammad Asad and Abdul Rehman Javed},
  title     = {Robust Early Stage Botnet Detection using Machine Learning},
  howpublished = {EasyChair Preprint 3569},
  year      = {EasyChair, 2020}}