On Feature Selection Algorithms for Effective Botnet Detection

Journal of Network and Systems Management

Abstract

Botnets are a growing concern, infecting more and more computers every day. Although botnets can be detected from their behavioral patterns, it is becoming more challenging to distinguish malicious traffic from legitimate traffic because, as technology advances, malicious traffic follows behavioral patterns similar to those of benign traffic. The detection of malicious traffic largely depends on the traffic features fed into the detection process. Selecting the best features for effective botnet detection is the main contribution of this paper. We first show the impact of different features on the botnet detection process. We then propose several heuristics to select the best features from a handful of possible features. Some of the proposed heuristics are truly feature-based and some are group-based, which yields different accuracy levels. We also analyze the time complexity of each heuristic and provide a detailed performance analysis. Because working with all combinations of a large number of features is not feasible, some heuristics group the features by similarity in their patterns and check all combinations only within groups containing a small number of features, which improves the time complexity by a large margin. Through experiments we show the efficacy of the proposed feature selection heuristics. The results show that some heuristics outperform state-of-the-art feature selection algorithms.

Availability of Data and Materials

Not applicable.

Funding

Not applicable.

Author information

Contributions

Meher Afroz, Muntaka Ibnath, Ashikur Rahman & Jakia Sultana wrote the main manuscript text. Muntaka Ibnath, Ashikur Rahman, Raqeebir Rab & Meher Afroz prepared the figures. Meher Afroz prepared the tables. Jakia Sultana & Ashikur Rahman wrote the algorithms in the manuscript. All authors reviewed the manuscript.

Corresponding author

Correspondence to Ashikur Rahman.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

Ethical Approval

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

A preliminary version of this paper has been accepted for publication in International Conference on Ubiquitous networking (UNet’22), October 25–27, 2022, Montréal, Canada.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Afroz, M., Ibnath, M., Rahman, A. et al. On Feature Selection Algorithms for Effective Botnet Detection. J Netw Syst Manage 32, 43 (2024). https://doi.org/10.1007/s10922-024-09817-9

  • DOI: https://doi.org/10.1007/s10922-024-09817-9
