Performance evaluation of Botnet DDoS attack detection using machine learning

Botnets are regarded as one of the most sophisticated security threats today, and a large portion of network traffic is dominated by them. A botnet is a collection of compromised PCs (bots) that are remotely controlled by their originator (the botmaster) through a Command-and-Control (C&C) infrastructure. Botnets are key to several Internet attacks such as spam, Distributed Denial of Service (DDoS) attacks, rebate distortions, malware and phishing. To overcome the problem of DDoS attacks, various machine learning methods, typically Support Vector Machine (SVM), Artificial Neural Network (ANN), Naïve Bayes (NB), Decision Tree (DT), and Unsupervised Learning (USML) (K-means, X-means etc.), have been proposed. With the increasing popularity of machine learning in the field of computer security, a performance assessment of these methods on a common platform would be a remarkable accomplishment. This could assist developers in choosing a suitable method for their case studies and support further research. This paper performs an experimental analysis of machine learning methods for botnet DDoS attack detection. The evaluation is done on UNSW-NB15 and KDD99, which are well-known publicly available datasets for botnet DDoS attack detection. The methods investigated (SVM, ANN, NB, DT, and USML) are compared on Accuracy, False Alarm Rate (FAR), Sensitivity, Specificity, False Positive Rate (FPR), AUC, and Matthews correlation coefficient (MCC) on both datasets. Performance on the KDD99 dataset is experimentally shown to be better than on the UNSW-NB15 dataset. This validation is significant in computer security and other related fields.
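The metrics named in the abstract can be computed from a detector's labels and scores as in the following added example, which is not code from the paper. It assumes 1 = attack and 0 = normal, takes FAR as the mean of FPR and FNR (a definition the page does not give), and uses a constructed, imbalanced sample to show why accuracy alone misleads and MCC and AUC are reported alongside it.

```python
import math

def confusion(y_true, y_pred):
    """Count TP, FP, TN, FN with 1 = attack, 0 = normal."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return tp, fp, tn, fn

def auc(y_true, scores):
    """Rank-based AUC (Mann-Whitney U); tied scores share their average rank."""
    order = sorted(range(len(scores)), key=lambda i: scores[i])
    ranks = [0.0] * len(scores)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and scores[order[j + 1]] == scores[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2 + 1  # average 1-based rank of the tie group
        i = j + 1
    pos = [r for r, t in zip(ranks, y_true) if t == 1]
    n_pos, n_neg = len(pos), len(y_true) - len(pos)
    if n_pos == 0 or n_neg == 0:
        return float("nan")  # AUC is undefined when only one class is present
    return (sum(pos) - n_pos * (n_pos + 1) / 2) / (n_pos * n_neg)

def evaluate(y_true, y_pred, scores):
    tp, fp, tn, fn = confusion(y_true, y_pred)
    def ratio(a, b):
        return a / b if b else 0.0  # empty denominator reported as 0
    fpr, fnr = ratio(fp, fp + tn), ratio(fn, fn + tp)
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy": ratio(tp + tn, len(y_true)),
        "sensitivity": ratio(tp, tp + fn),
        "specificity": ratio(tn, tn + fp),
        "fpr": fpr,
        "far": (fpr + fnr) / 2,  # assumed definition, not stated on the page
        "mcc": ratio(tp * tn - fp * fn, denom),
        "auc": auc(y_true, scores),
    }

# Constructed sample: 95 normal flows followed by 5 attack flows.
Y_TRUE = [0] * 95 + [1] * 5
ALL_NORMAL = evaluate(Y_TRUE, [0] * 100, [0.1] * 100)  # never raises an alert
DETECTOR = evaluate(Y_TRUE, [0] * 93 + [1] * 6 + [0],
                    [0.1] * 93 + [0.8] * 2 + [0.9] * 4 + [0.2])
```

The detector that never alerts scores 95% accuracy on this sample while its sensitivity and MCC are 0 and its AUC is 0.5.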
