Multilayer Framework for Botnet Detection Using Machine Learning Algorithms
A botnet is a malware program that an attacker, called a botmaster, controls remotely. A botnet can carry out large-scale cyber-attacks such as DDoS, spam, click fraud, and information and identity theft, and it can also evade detection by security systems. The traditional method of detecting botnets, signature-based analysis, cannot detect previously unseen botnets. Behavior-based analysis is a promising alternative for botnets that keep evolving. This paper proposes a multilayer framework for botnet detection using machine learning algorithms; it consists of a filtering module and a classification module that detect the botnet's command and control server. We set several criteria for the framework: it must be structure-independent and protocol-independent, and it must be able to detect botnets whose traffic is encapsulated. We use behavior-based analysis through flow-based features derived from packet headers aggregated over 1-s time windows. This type of analysis still enables detection when the packets are encapsulated, such as in a VPN tunnel. We also repeat the experiment with other time intervals, but the 1-s interval gives the best results. Our botnet detection method achieves an F-score of up to 92%, and the lowest false-negative rate was 1.5%.
Main Authors: | Wan Nur Hidayah Ibrahim, Syahid Anuar, Ali Selamat, Ondrej Krejcar, Ruben Gonzalez Crespo, Enrique Herrera-Viedma, Hamido Fujita |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2021-01-01 |
Series: | IEEE Access |
Subjects: | Behavior-based analysis; botnet; flow-based feature selection; k-nearest neighbor; structure independent |
Online Access: | https://ieeexplore.ieee.org/document/9359784/ |
Record details: | |
---|---|
Record ID | doaj.art-f7a68974fc0643fa82fe3b8c4cf4431f |
Collection | DOAJ (Directory Open Access Journal) |
DOI | 10.1109/ACCESS.2021.3060778 |
ISSN | 2169-3536 |
Volume / pages | IEEE Access, vol. 9, pp. 48753-48768 |
IEEE document number | 9359784 |
First indexed | 2024-12-20T08:29:23Z |
Last indexed | 2024-12-20T08:29:23Z |
Keywords | Behavior-based analysis; botnet; flow-based feature selection; k-nearest neighbor; structure independent |

Authors and affiliations: | |
---|---|
Wan Nur Hidayah Ibrahim | ORCID https://orcid.org/0000-0001-8516-3543; School of Computing, Faculty of Engineering, Game Innovation Centre of Excellence (MaGICX), Universiti Teknologi Malaysia and Media, Universiti Teknologi Malaysia, Johor Baharu, Malaysia |
Syahid Anuar | Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia |
Ali Selamat | ORCID https://orcid.org/0000-0001-9746-8459; School of Computing, Faculty of Engineering, Game Innovation Centre of Excellence (MaGICX), Universiti Teknologi Malaysia and Media, Universiti Teknologi Malaysia, Johor Baharu, Malaysia |
Ondrej Krejcar | ORCID https://orcid.org/0000-0002-5992-2574; Center for Basic and Applied Research, Faculty of Informatics and Management, University of Hradec Kralove, Hradec Kralove, Czech Republic |
Ruben Gonzalez Crespo | ORCID https://orcid.org/0000-0001-5541-6319; Department of Computer Science and Technology, Universidad Internacional de La Rioja (UNIR), Logroño, Spain |
Enrique Herrera-Viedma | ORCID https://orcid.org/0000-0002-7922-4984; Andalusian Research Institute DaSCI Data Science and Computational Intelligence, University of Granada, Granada, Spain |
Hamido Fujita | ORCID https://orcid.org/0000-0001-5256-210X; Faculty of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate, Japan |