Machine Learning for HTTP Botnet Detection Using Classifier Algorithms

Recently, HTTP-based botnets have become a serious problem for computer security experts, as bots can infect a victim's computer quickly and stealthily. By using the HTTP protocol, bots are able to hide their communication flow within normal HTTP communications. In addition, since the HTTP protocol is widely used by internet applications, it is not easy to block this service as a precautionary approach. Thus, experts need ways to detect HTTP botnets in network traffic effectively. In this paper, we propose to implement machine learning classifiers to detect HTTP botnets. The network traffic dataset used in this research is extracted based on TCP packet features. We are also able to find the best machine learning classifier in our experiment. The proposed method is able to classify HTTP botnets in network traffic using the best classifier in the experiment, with an average accuracy of 92.93%.
