Real-time botnet detection on large network bandwidths using machine learning
Main Authors: | Javier Velasco-Mata, Víctor González-Castro, Eduardo Fidalgo, Enrique Alegre |
---|---|
Format: | Article |
Language: | English |
Published: | Nature Portfolio, 2023-03-01 |
Series: | Scientific Reports |
Online Access: | https://doi.org/10.1038/s41598-023-31260-0 |
Field | Value
---|---
_version_ | 1797864940091998208
author | Javier Velasco-Mata; Víctor González-Castro; Eduardo Fidalgo; Enrique Alegre
author_sort | Javier Velasco-Mata
affiliation | Department of Electrical Systems and Automation Engineering, Universidad de León (all four authors)
collection | DOAJ
description | Abstract: Botnets are one of the most harmful cyberthreats; they can perform many types of cyberattacks and cause billions in losses to the global economy. Nowadays, vast amounts of network traffic are generated every second, so manual analysis is impossible. To be effective, automatic botnet detection should be done as fast as possible, but this is difficult on large bandwidths. To handle this problem, we propose an approach that is capable of carrying out an ultra-fast network analysis (i.e. on windows of one second) without a significant loss in F1-score. We compared our model with three other literature proposals and achieved the best performance: an F1 score of 0.926 with a processing time of 0.007 ms per sample. We also assessed the robustness of our model on saturated networks and on large bandwidths. In particular, our model is capable of working on networks with a saturation of 10% packet loss, and we estimated the number of CPU cores needed to analyze traffic on three bandwidth sizes. Our results suggest that, using commercial-grade cores of 2.4 GHz, our approach would only need four cores for bandwidths of 100 Mbps and 1 Gbps, and 19 cores on 10 Gbps networks.
first_indexed | 2024-04-09T23:00:07Z
format | Article
id | doaj.art-ec59fe5fe6ea458a9a17390960063128
institution | Directory Open Access Journal
issn | 2045-2322
language | English
last_indexed | 2024-04-09T23:00:07Z
publishDate | 2023-03-01
publisher | Nature Portfolio
record_format | Article
series | Scientific Reports
doi | https://doi.org/10.1038/s41598-023-31260-0