Botnet Detection in Network System Through Hybrid Low Variance Filter, Correlation Filter and Supervised Mining Process

Malware spread through botnet activity remains one of the most serious cybersecurity threats faced by internet communities. Researchers have proposed data-mining-based IDS as an alternative to misuse-based and anomaly-based IDS for detecting botnet activity. In this paper, we propose a new method that improves IDS performance in detecting botnets. Our method combines two statistical methods, a low variance filter and a Pearson correlation filter, in the feature-selection process. To show that the method increases the performance of a data-mining-based IDS, we use accuracy and computational time as evaluation parameters. A benchmark intrusion dataset (ISCX2017) is used to evaluate our work. Our method reduces the number of features to be processed by the IDS from 77 to 15. Although the number of features decreases, the accuracy does not change significantly. The computational time decreases from 71 seconds to 5.6 seconds.
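The two-stage feature selection described in the abstract, sketched as an added example (not the authors' code). The stage order, both thresholds, the min-max scaling step, and the feature names and flow values are assumptions constructed for illustration.

```python
import math
import random

def variance(col):
    mean = sum(col) / len(col)
    return sum((x - mean) ** 2 for x in col) / len(col)  # population variance

def min_max(col):
    """Scale to [0, 1] so one variance threshold fits every feature."""
    lo, hi = min(col), max(col)
    return [0.0] * len(col) if hi == lo else [(x - lo) / (hi - lo) for x in col]

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return 0.0 if sa == 0 or sb == 0 else cov / (sa * sb)  # constant column -> 0

def select_features(table, var_threshold=0.01, corr_threshold=0.9):
    """table maps feature name -> values. Thresholds are assumed, not the paper's."""
    dropped, survivors, kept = {}, [], []
    # Stage 1: low variance filter removes near-constant features.
    for name, col in table.items():
        if variance(min_max(col)) < var_threshold:
            dropped[name] = "low variance"
        else:
            survivors.append(name)
    # Stage 2: correlation filter keeps the first feature of each redundant pair.
    for name in survivors:
        twin = next((k for k in kept
                     if abs(pearson(table[k], table[name])) >= corr_threshold), None)
        if twin is None:
            kept.append(name)
        else:
            dropped[name] = f"correlated with {twin}"
    return kept, dropped

def constructed_flows(n=200, seed=0):
    """Constructed flow records (not ISCX2017 data); feature names are hypothetical."""
    rng = random.Random(seed)
    packets = [rng.randint(1, 100) for _ in range(n)]
    return {
        "flow_duration": [rng.uniform(0, 1e6) for _ in range(n)],
        "fwd_packets": packets,
        "fwd_bytes": [p * 60 + rng.randint(0, 20) for p in packets],  # ~linear in packets
        "urg_flag_count": [0] * n,                                     # constant
        "fin_flag": [1 if i == 0 else 0 for i in range(n)],            # almost constant
    }
```

Calling `select_features(constructed_flows())` returns the surviving feature names and, for each dropped feature, which filter removed it; only the surviving columns would then be passed to the supervised classifier.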
