An implementation of Botnet dataset to predict accuracy based on network flow model

A botnet is a network of hosts infected with malicious software (bots) that can carry out malicious activities such as Distributed Denial of Service (DDoS), spamming, phishing, key logging, click fraud and the theft of personal information and other important data. Bots can replicate themselves without the user's consent. Several botnet detection systems have been built with machine learning methods combined with feature selection. Current work derives dataset features from network flows, Domain Name System (DNS) traffic and packet content to represent botnet behaviour. Unfortunately, the available botnet datasets are raw (dummy) data: using them in machine learning requires a feature extraction tool, and such tools are very expensive to buy. We therefore built our own feature extractor. In this paper we propose a network flow model built from connection logs on the dataset. First, we define the data model as a pair of source IP (Internet Protocol) address and destination IP address together with the source port and destination port, observed over a time period, and use it to extract new features. To estimate accuracy, the extracted features are validated with K-Fold Cross Validation using k = 10. Validation on six different botnet types gives high scores of Precision = 98.70%, F-Measure = 99.40%, Recall = 98.80% and Accuracy = 98.80% for the Rule Induction algorithm, while K-Nearest Neighbour is the most stable of all the algorithms, reaching 98.10% for precision, recall, F-measure and accuracy at high speed (50 ms).
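The following is an added example, not the paper's own extractor or dataset: it shows the data model described above in working form. Connection records are grouped by the (source IP, destination IP, source port, destination port) tuple inside fixed time windows and turned into one feature vector per group, a k-fold splitter produces the ten disjoint test sets used in validation, and the four reported metrics are computed from a confusion matrix. The record format (space-separated Zeek-style fields), the feature names, the 60 s window length and the sample log lines are all assumptions made for the example.

```python
"""Flow-feature extraction from connection logs, k-fold split and metrics.
Added example; log layout, field names and sample data are assumptions."""
import random
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Conn:
    """One connection record. Field set is an assumption (conn.log-like)."""
    ts: float
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    duration: float
    orig_bytes: int
    resp_bytes: int


# Constructed sample log, not data from the paper: a periodic connection from
# 10.0.0.5 to one host/port every 30 s, and two ordinary HTTPS connections.
SAMPLE_LOG = """\
1.0 10.0.0.5 198.51.100.7 40001 6667 tcp 12.5 320 1800
31.0 10.0.0.5 198.51.100.7 40001 6667 tcp 11.0 300 1750
61.0 10.0.0.5 198.51.100.7 40001 6667 tcp 12.0 310 1790
91.0 10.0.0.5 198.51.100.7 40001 6667 tcp 12.5 320 1800
5.0 10.0.0.8 93.184.216.34 51522 443 tcp 0.8 900 45000
7.5 10.0.0.8 93.184.216.34 51523 443 tcp 1.2 1100 60000
"""


def parse_conn_log(text):
    """Parse whitespace-separated records; skips blank lines and '#' comments."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, sip, dip, sp, dp, proto, dur, ob, rb = line.split()
        conns.append(Conn(float(ts), sip, dip, int(sp), int(dp), proto,
                          float(dur), int(ob), int(rb)))
    return conns


def extract_flow_features(conns, window=60.0):
    """Group records by (src_ip, dst_ip, src_port, dst_port) inside fixed
    time windows of `window` seconds and derive one feature vector per group."""
    groups = defaultdict(list)
    for c in conns:
        key = (c.src_ip, c.dst_ip, c.src_port, c.dst_port, int(c.ts // window))
        groups[key].append(c)

    features = {}
    for key, recs in groups.items():
        recs.sort(key=lambda c: c.ts)
        gaps = [b.ts - a.ts for a, b in zip(recs, recs[1:])]
        orig = sum(c.orig_bytes for c in recs)
        resp = sum(c.resp_bytes for c in recs)
        features[key] = {
            "conn_count": len(recs),
            "mean_duration": mean(c.duration for c in recs),
            "total_orig_bytes": orig,
            "total_resp_bytes": resp,
            # bytes sent per byte received; C&C check-ins tend to be client-heavy
            "orig_resp_ratio": orig / resp if resp else float("inf"),
            # regular spacing between connections is a beaconing signal
            "mean_interarrival": mean(gaps) if gaps else 0.0,
        }
    return features


def k_fold_indices(n, k=10, seed=0):
    """Shuffle indices 0..n-1 and return k (train, test) index pairs whose
    test sets are disjoint and together cover every index."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    folds = [idx[i::k] for i in range(k)]
    return [(sorted(j for f in range(k) if f != i for j in folds[f]),
             sorted(folds[i])) for i in range(k)]


def classification_metrics(y_true, y_pred, positive="botnet"):
    """Precision, recall, F-measure and accuracy for a binary labelling."""
    tp = sum(t == positive and p == positive for t, p in zip(y_true, y_pred))
    fp = sum(t != positive and p == positive for t, p in zip(y_true, y_pred))
    fn = sum(t == positive and p != positive for t, p in zip(y_true, y_pred))
    tn = len(y_true) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f_measure = (2 * precision * recall / (precision + recall)
                 if precision + recall else 0.0)
    return {"precision": precision, "recall": recall,
            "f_measure": f_measure, "accuracy": (tp + tn) / len(y_true)}


if __name__ == "__main__":
    for key, feats in extract_flow_features(parse_conn_log(SAMPLE_LOG)).items():
        print(key, feats)
```

Keying on the full 4-tuple follows the abstract's data model; because client source ports are usually ephemeral, each new connection from an ordinary client lands in its own group, while a bot that re-uses a socket or a fixed local port accumulates counts and interarrival statistics in one group. Dropping the source port from the key is the usual variant when per-host behaviour is wanted.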
