Abstract: Botnets employ advanced evasion techniques to avoid detection. One such technique is hiding their command-and-control communication inside an encrypted channel such as SSL or TLS. This paper provides a Botnet Analysis and Detection System (BADS) framework for detecting botnets. The BADS framework has been used as a guideline to devise the methodology, which we divided into six phases: i. data collection, customization, and conversion, ii. feature extraction and feature selection, …
“…Experimental results show that the KNN classification algorithm yields more accurate results than any other classification algorithm, regardless of the FS techniques used. Ismail et al [32] have proposed a P2P botnet detection approach using various ML algorithms. They have also used feature extraction and FS.…”
Section: FS in the Domain of Botnet Detection (classification: mentioning)
Summary: Machine learning approaches are widely used for the detection and classification of emerging botnet variants due to their ability to yield more precise results than traditional methods. The relevance of the features plays a major role in these detection algorithms' effectiveness. As such, the most distinctive characteristics must be extracted from the high-dimensional dataset that is used to classify botnets. Nevertheless, we discovered that the majority of earlier studies lacked proper analysis and paid little attention to the various feature selection techniques. The main goal of this work is to investigate and assess the advantages and disadvantages of the different feature selection techniques used for botnet detection. Studies show that feature selection is a very efficient way to decrease the amount of storage and processing power required while simultaneously increasing classification accuracy. As a consequence, its application in many other fields has grown. The field of feature selection is recognized for its non-deterministic polynomial-time hardness; to mitigate this hardness, metaheuristic techniques have been applied. Metaheuristic algorithms are exceptionally good at performing a global search. In order to choose feature subsets optimally in the field of botnet detection, we additionally prioritize the use of metaheuristic methods. This study offers more thorough insight into the feature selection strategies that are primarily employed by machine learning-based botnet detection models. It also offers insights into how better feature selection approaches might be applied to strengthen botnet detection mechanisms. Additionally, it will help in understanding the limitations of existing approaches and identifying areas for improvement.
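The abstract's "feature extraction and feature selection" phases for C2 hidden in TLS, and the feature-selection ranking the summary above argues for, as an added example that is not code from the paper, the BADS framework, or the citing study: it computes size and timing statistics from constructed TLS flow records (no payload is inspected), ranks the features with a Fisher score (a filter-based FS method chosen here for illustration; the summary's metaheuristic wrappers would replace this ranking step with a search over feature subsets), keeps the top three, and checks them with leave-one-out 1-NN, the KNN setting the first citation context mentions. Every flow record, feature name and parameter below is constructed for the example.

```python
"""Metadata-only detection of beaconing C2 over TLS: per-flow feature
extraction, Fisher-score feature selection, leave-one-out 1-NN check.

Added example, not from the paper or the BADS framework. The flow records
are constructed, not captured traffic."""
from math import sqrt
from statistics import mean, pstdev

# Constructed flow records: (label, [(timestamp_seconds, tls_record_bytes), ...]).
# Only sizes and timing are used: that is what a sensor still sees when the
# command-and-control channel is wrapped in TLS.
FLOWS = [
    # Beaconing C2: ~30 s timer with 1 s jitter, near-constant record sizes.
    ("bot",    [(0, 180), (30, 176), (61, 184), (90, 180), (120, 178), (151, 182)]),
    ("bot",    [(0, 200), (29, 196), (60, 204), (90, 200), (119, 198), (150, 202)]),
    ("bot",    [(0, 160), (31, 156), (60, 164), (91, 160), (120, 162), (150, 158)]),
    ("bot",    [(0, 190), (30, 186), (59, 194), (90, 190), (121, 188), (150, 192)]),
    # Interactive browsing: bursts, long idle gaps, full-size and tiny records.
    ("benign", [(0, 517), (0.2, 1380), (0.5, 1380), (12, 210), (12.3, 1380), (40, 64)]),
    ("benign", [(0, 300), (0.1, 1380), (3, 1380), (3.1, 900), (3.4, 70), (25, 1380)]),
    ("benign", [(0, 640), (1.5, 1380), (1.6, 1380), (1.7, 1380), (20, 120), (45, 400)]),
    # Small-record benign flow: sizes overlap with the bots, timing does not.
    ("benign", [(0, 120), (0.3, 95), (0.4, 210), (8, 88), (8.1, 140), (8.2, 105)]),
]

FEATURE_NAMES = ["mean_size", "size_cv", "mean_gap", "gap_cv", "n_records"]


def extract_features(records):
    """Per-flow statistics computable without decryption (phase ii, extraction)."""
    sizes = [size for _, size in records]
    times = [t for t, _ in records]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "mean_size": mean(sizes),
        "size_cv": pstdev(sizes) / mean(sizes),  # record-size regularity
        "mean_gap": mean(gaps),                  # average beacon interval
        "gap_cv": pstdev(gaps) / mean(gaps),     # timing jitter; low = beaconing
        "n_records": len(records),               # constant here, so uninformative
    }


def fisher_scores(samples, labels):
    """Filter FS: between-class scatter over within-class scatter, per feature."""
    scores = {}
    classes = sorted(set(labels))
    for name in FEATURE_NAMES:
        column = [s[name] for s in samples]
        grand_mean = mean(column)
        between = within = 0.0
        for c in classes:
            vals = [v for v, lab in zip(column, labels) if lab == c]
            between += len(vals) * (mean(vals) - grand_mean) ** 2
            within += len(vals) * pstdev(vals) ** 2
        if within > 0:
            scores[name] = between / within
        else:  # zero within-class spread: perfectly separating or constant
            scores[name] = float("inf") if between > 0 else 0.0
    return scores


def select_top_k(scores, k):
    """Phase ii, selection: keep the k highest-ranked features."""
    return sorted(scores, key=scores.get, reverse=True)[:k]


def zscore(samples, names):
    """Standardize so seconds and bytes contribute comparably to distances."""
    stats = {}
    for n in names:
        col = [s[n] for s in samples]
        sd = pstdev(col)
        stats[n] = (mean(col), sd if sd > 0 else 1.0)
    return [[(s[n] - stats[n][0]) / stats[n][1] for n in names] for s in samples]


def loo_1nn_accuracy(vectors, labels):
    """Leave-one-out 1-nearest-neighbour accuracy on the selected features."""
    correct = 0
    for i, v in enumerate(vectors):
        others = [j for j in range(len(vectors)) if j != i]
        nearest = min(others, key=lambda j: sqrt(sum((a - b) ** 2
                                                     for a, b in zip(v, vectors[j]))))
        correct += labels[nearest] == labels[i]
    return correct / len(vectors)


def run(k=3):
    """Extract, rank, select k features, evaluate; returns (scores, selected, accuracy)."""
    labels = [lab for lab, _ in FLOWS]
    samples = [extract_features(recs) for _, recs in FLOWS]
    scores = fisher_scores(samples, labels)
    selected = select_top_k(scores, k)
    accuracy = loo_1nn_accuracy(zscore(samples, selected), labels)
    return scores, selected, accuracy


if __name__ == "__main__":
    scores, selected, accuracy = run()
    for name in sorted(scores, key=scores.get, reverse=True):
        print(f"{name:>10}: Fisher score {scores[name]:.2f}")
    print("selected:", selected, "| LOO 1-NN accuracy:", accuracy)
```

On these constructed flows the two timing features rank first: beacon regularity survives encryption, whereas mean record size drops to near the bottom once a single benign flow with small records is present, and the constant record count scores zero and is discarded. Two caveats a practitioner would add: ranking and standardization here use all eight flows, so the leave-one-out accuracy is optimistic and in a real pipeline both must be fitted on training data only; and an operator who adds jitter to the beacon interval directly attacks gap_cv, which is why selected features should be re-evaluated as the botnet changes.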
“…Based on the literature [14], there are three major methods of botnet detection: host-based detection, honeynet detection and network-based detection. Recently, machine learning based detection has become the most widely used method for detecting botnets, as shown by previous literature [15], [16], [4], [5]. In addition, as the number and complexity of IoT devices is also growing, it has become important to develop effective botnet detection methods.…”
Section: Related Work (classification: mentioning, confidence: 99%)
“…Ismail et al [4] proposed a Botnet Analysis and Detection System (BADS) which could detect botnets in an encrypted channel and includes an autonomous feature. The BADS framework comprises three main components, which are the Network Analysis System (NAS), IDS and Alarm System (AS).…”
Section: A Botnet Detection Framework (classification: mentioning, confidence: 99%)
“…Once infected, the botmaster will gain access to the victim's computer without the victim's acknowledgment [3]. According to [4], botnets can perform DDoS attacks, spamming and malware distribution, and compromise a large number of computers. These activities pose a significant risk to national security, public or private organizations, and individuals.…”
Summary: In the dynamic landscape of evolving cyber threats, Security Operations Centers (SOCs) play an important role in protecting digital assets. Among these threats, botnets are particularly challenging due to their ability to take over many devices and launch coordinated attacks. Through comparative analysis, the research gaps in existing frameworks have been identified. Based on these insights, a botnet detection and incident response framework aligned with SOC practices has been proposed. This proposed framework emphasizes proactive measures by integrating threat intelligence, detection and monitoring tools to detect botnet attacks and facilitate rapid response. Future research will focus on conducting evaluation and validation studies to assess the effectiveness and performance of the framework in controlled environments. This effort will contribute to developing the framework and ensuring it aligns with practical cybersecurity needs.