Real-time botnet detection on large network bandwidths using machine learning

Velasco-Mata, Javier; González-Castro, V́ıctor; Fidalgo, Eduardo; Alegre, Enrique

doi:10.1038/s41598-023-31260-0

Cited by 17 publications

(3 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Mata et al 57 have developed a botnet detection model in real time using a decision tree classifier. For this purpose, they have taken a very small feature set of only four features.…”

Section: Real Time Botnet Detection Using ML Algorithmsmentioning

confidence: 99%

Reviewing various feature selection techniques in machine learning‐based botnet detection

Baruah,

Borah,

Deka

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryMachine learning approaches are widely used for the detection and classification of emerging botnet variations due to their ability to yield more precise results compared to traditional methods. The relevancy of the features plays a major role in these detection algorithms' effectiveness. As such, the most distinctive characteristics must be extracted from a high‐dimensional dataset that is used to classify botnets. Nevertheless, we discovered that the majority of earlier studies lacked proper analysis and paid little attention to the various feature selection techniques. The main goal of this work is to investigate and assess the advantages and disadvantages of the different feature selection techniques used for botnet detection. Studies show that feature selection is a very efficient way to decrease the amount of storage and processing power required while simultaneously increasing classification accuracy. As a consequence, its application in many other fields has grown. The field of feature selection is recognized for its non‐deterministic polynomial‐time hardness; to mitigate this hardness, metaheuristic techniques have been applied. Metaheuristic algorithms are exceptionally good at performing a global search. In order to choose feature subsets optimally in the field of botnet detection, we additionally prioritize the use of metaheuristic methods. This study offers a more thorough insight of the feature selection strategies that are primarily employed by machine learning‐based botnet detection models. It also offers insights into how better feature selection approaches might be applied to strengthen botnet detection mechanisms. Additionally, it will help in understanding the limitations of existing approaches and identifying areas for improvement.

show abstract

“…Mata et al 57 have developed a botnet detection model in real time using a decision tree classifier. For this purpose, they have taken a very small feature set of only four features.…”

Section: Real Time Botnet Detection Using ML Algorithmsmentioning

confidence: 99%

Reviewing various feature selection techniques in machine learning‐based botnet detection

Baruah,

Borah,

Deka

2024

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Por se tratar de treinamento adaptativo, um aspecto central de seu trabalho é como lidar com a deriva de conceito (concept drift) decorrente de mudanc ¸as nos padrões de tráfego da rede IoT. Velasco-Mata et al realiza detecc ¸ão de botnets usando aprendizado de máquina em redes de alta velocidade [Velasco-Mata et al 2023]. O trabalho emprega uma árvore de decisão e usa um conjunto de quatro características simples acoplados a uma janela de tempo de um segundo, com o objetivo de otimizar o desempenho da proposta.…”

Section: Trabalhos Relacionadosunclassified

DL-SAFE: Proteção Baseada em Aprendizado Profundo para Detecção de Botnets na Borda

Guimarães,

Couto

2023

Anais Estendidos Do XXIII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg Estendido 2023)

View full text Add to dashboard Cite

Dispositivos de Internet das Coisas (IoT) são fundamentais para setores como casas, cidades e redes inteligentes. Entretanto, a existência de bilhões de dispositivos com poder computacional limitado os torna alvos para botnets. Este artigo propõe DL-SAFE, uma ferramenta para classificação de tráfego em ambientes de borda usando Open Argus e Pytorch. A ferramenta também permite a avaliação de arquiteturas de redes neurais usando 3 tipos de camadas. Os resultados demonstram a eficácia da ferramenta, obtendo precisão e sensibilidade superior a 99% para diversos modelos. Os teste de vazão apontam que o desempenho varia de acordo com a arquitetura, com metade dos modelos avaliados processando mais de 1000 fluxos por segundo.

show abstract

“…Unsupervised machine learning using clustering algorithms, like k-means, x-means, and EM clustering, was utilized for botnet detection, revealing dissimilarities between botnet flow data and normal data [12]. Real-time botnet analysis was addressed by [13], using machine learning with minimal features. Behavior-based approaches with machine learning algorithms, such as Multilayer Perceptron, k-Nearest Neighbor, and Support Vector Machine, were shown to be effective for botnet detection [14].…”

mentioning

confidence: 99%

Enhancing Botnet Detection in Network Security Using Profile Hidden Markov Models

Mannikar,

Di Troia

2024

Applied Sciences

View full text Add to dashboard Cite

A botnet is a network of compromised computer systems, or bots, remotely controlled by an attacker through bot controllers. This covert network poses a threat through large-scale cyber attacks, including phishing, distributed denial of service (DDoS), data theft, and server crashes. Botnets often camouflage their activity by utilizing common internet protocols, such as HTTP and IRC, making their detection challenging. This paper addresses this threat by proposing a method to identify botnets based on distinctive communication patterns between command and control servers and bots. Recognizable traits in botnet behavior, such as coordinated attacks, heartbeat signals, and periodic command distribution, are analyzed. Probabilistic models, specifically Hidden Markov Models (HMMs) and Profile Hidden Markov Models (PHMMs), are employed to learn and identify these activity patterns in network traffic data. This work utilizes publicly available datasets containing a combination of botnet, normal, and background traffic to train and test these models. The comparative analysis reveals that both HMMs and PHMMs are effective in detecting botnets, with PHMMs exhibiting superior accuracy in botnet detection compared to HMMs.

show abstract

Real-time botnet detection on large network bandwidths using machine learning

Cited by 17 publications

References 41 publications

Reviewing various feature selection techniques in machine learning‐based botnet detection

Reviewing various feature selection techniques in machine learning‐based botnet detection

DL-SAFE: Proteção Baseada em Aprendizado Profundo para Detecção de Botnets na Borda

Enhancing Botnet Detection in Network Security Using Profile Hidden Markov Models

Contact Info

Product

Resources

About