An Efficient Botnet Detection Methodology using Hyper-parameter Optimization Through Grid-Search Techniques

In recent years, botnets have become a serious threat to Internet-based services and infrastructures. Prompt detection can mitigate the impact of several attacks, including Distributed Denial-of-Service (DDoS), spam, phishing, identity theft, and information leakage. Currently, physical and logical network appliances address botnet discovery. However, signature-based solutions require constant updates from repositories, a serious drawback given the rapid development of new threats. An alternative that overcomes such limitations is to train Machine Learning (ML) algorithms to accurately identify malicious network flows. Although the state of the art provides significant advances in botnet classification using machine and statistical learning, the algorithm selection procedure is not properly defined or explained. In this work, an algorithm portfolio is built to compare the performance of several supervised learning algorithms using a hyper-parameter optimization technique known as Grid Search. Experimental results prove that tuning the algorithms yields trained models with higher detection accuracy in an efficient manner.
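The following is an added illustration, not the paper's code or dataset: a minimal algorithm portfolio (a k-nearest-neighbour classifier and a one-feature threshold rule, both assumed here for illustration) whose hyper-parameter grids are exhaustively searched with leave-one-out cross-validation on constructed, already-normalised flow features. Scoring on F1 for the botnet class rather than plain accuracy shows why metric choice matters when botnet flows are a small minority of the traffic.

```python
from itertools import product
# Constructed flow features, normalised to [0, 1]: (duration, packets, bytes per packet).
# Label 1 = botnet C&C flow, 0 = benign; deliberately imbalanced (3 botnet flows of 15).
FLOWS = [
    ((0.60, 0.70, 0.65), 0), ((0.65, 0.62, 0.72), 0), ((0.70, 0.75, 0.60), 0),
    ((0.72, 0.66, 0.68), 0), ((0.62, 0.80, 0.75), 0), ((0.78, 0.72, 0.62), 0),
    ((0.66, 0.68, 0.80), 0), ((0.75, 0.78, 0.70), 0), ((0.80, 0.64, 0.66), 0),
    ((0.68, 0.74, 0.78), 0), ((0.74, 0.60, 0.74), 0), ((0.63, 0.77, 0.63), 0),
    ((0.05, 0.08, 0.10), 1), ((0.10, 0.05, 0.06), 1), ((0.08, 0.12, 0.04), 1),
]

def knn_predict(train, x, k, metric):
    """Majority vote among the k nearest training flows (L1 or L2 distance)."""
    p = 1 if metric == "l1" else 2
    dist = lambda a, b: sum(abs(u - v) ** p for u, v in zip(a, b)) ** (1 / p)
    nearest = sorted(train, key=lambda t: dist(t[0], x))[:k]
    return int(2 * sum(label for _, label in nearest) > k)

def stump_predict(train, x, feature, threshold):
    """One-feature rule: flag the flow as botnet when that feature is below the threshold."""
    return int(x[feature] < threshold)

PORTFOLIO = {  # each algorithm family paired with the hyper-parameter grid to search
    "knn": (knn_predict, {"k": [1, 3, 5], "metric": ["l1", "l2"]}),
    "stump": (stump_predict, {"feature": [0, 1, 2], "threshold": [0.05, 0.3]}),
}

def f1_and_accuracy(y_true, y_pred):
    """F1 on the botnet class, whose misses plain accuracy hides on imbalanced data."""
    tp = sum(t == p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    f1 = 2 * tp / (2 * tp + fp + fn) if tp else 0.0
    return f1, sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def evaluate(predict, params, flows):
    """Leave-one-out cross-validation: each flow is predicted from all the others."""
    y_true = [label for _, label in flows]
    y_pred = [predict(flows[:i] + flows[i + 1:], x, **params) for i, (x, _) in enumerate(flows)]
    return f1_and_accuracy(y_true, y_pred)

def grid_search(portfolio=PORTFOLIO, flows=FLOWS):
    """Score every configuration of every algorithm; rows (name, params, f1, acc), best F1 first."""
    rows = []
    for name, (predict, grid) in portfolio.items():
        for values in product(*grid.values()):
            params = dict(zip(grid, values))
            rows.append((name, params, *evaluate(predict, params, flows)))
    return sorted(rows, key=lambda r: r[2], reverse=True)
```

Calling `grid_search()` ranks all twelve configurations; k=5 misses every botnet flow (F1 0.0) while still reporting 0.8 accuracy, which is exactly the trap that selecting on accuracy alone would fall into.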
