
Botnet Detection using Machine Learning


Bibliographic Details
Main Authors: Haq, Shamsul, Singh, Yashwant
Format: Conference Proceeding
Language: English
Description
Summary: A small program that automatically performs malicious activity that may damage a legitimate user's system without the user's knowledge is called a bot (bad bot). The network of bots under the control of a botmaster is called a botnet. It is a serious threat to information, communication, the economy, etc. The devices that interact to form a botnet are smartphones, computers, and IoT systems whose vulnerabilities are exploited, so that security is breached and control is relinquished to bot controllers or a third party. On the basis of its C2 (command and control) structure, a botnet is considered centralized, decentralized, or hybrid; however, the architecture of botnet includes botmaster, C2 (low false positive rates) respectively. Machine learning plays an essential role in the detection and recognition of botnets and is therefore explored in this paper. In this paper, the mean of the accuracy of the k-means clustering and J48 classification approach (hybrid approach) is calculated using two random dataset partitions whose sum is always equal to the original dataset, to compute the accuracy of low positive rates and high positive rates based on the percentages of "correctly and incorrectly instances". The comparative analysis of the three techniques, i.e. clustering, classification, and the hybrid approach, suggests that the results of classification and clustering are constant at one end, i.e. lower in the case of classification and higher in the case of clustering, while the results of our approach vary and give an approximation in both processes.
ISSN: 2573-3079
DOI: 10.1109/PDGC.2018.8745912