Abstract

Aim: To design and evaluate the performance of a Grey Wolf Optimization (GWO) based wrapper feature selection method applied to a botnet malware detection system.

Background: A botnet is malicious software controlled by a master and used to compromise a distributed set of systems, which in turn target a victim. Powerful attacks such as Distributed Denial of Service (DDoS) can be triggered using a botnet. With the rapid growth and omnipresence of the Internet of Things (IoT), vulnerable IoT devices are also at risk of becoming a victim or a zombie.

Objective: To optimize the listed botnet data traffic features, Grey Wolf Optimization (GWO) is used in a wrapper model to search for the useful features without affecting the classification accuracy.

Method: The botnet dataset consists of a total of 192 features: HTTP traffic features of Command and Control (C&C) botnet channels and network traffic session-based features. The GWO algorithm is used as a wrapper for feature selection and evaluated on three different classifiers, viz., SVM, KNN, and DT.

Results: The Decision Tree (DT) with the GWO wrapper produced the best results when compared with the other classifiers. The research reduces the botnet traffic features from 192 to 19, with an accuracy of 99.73% after the reduction.

Conclusion: The proposed DT-GWO wrapper turns out to be an excellent choice for feature reduction in botnet attack detection. The strength of the DT-GWO wrapper is that it retains near full-feature accuracy even after a massive reduction of 90.10% of the features.
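As an added illustration (not code from the paper), the sketch below runs a GWO wrapper feature selector on constructed 20-feature data. The nearest-centroid classifier, the 0.5 threshold that turns wolf positions into feature masks, and the weighted fitness (error plus fraction of features kept) are assumptions standing in for the paper's DT/SVM/KNN setup, which the abstract does not specify.

```python
import random

def make_data(rng, n=120, d=20, informative=3):
    # Constructed two-class data: only the first `informative` columns carry signal.
    X, y = [], []
    for i in range(n):
        y.append(i % 2)
        X.append([rng.gauss(2.0 * y[-1] if j < informative else 0.0, 1.0) for j in range(d)])
    return X, y

def error_rate(mask, X, y, split):
    # Nearest-centroid error on rows[split:], trained on rows[:split], masked features only.
    cols = [j for j, keep in enumerate(mask) if keep]
    if not cols:
        return 1.0
    cent = {}
    for c in (0, 1):
        rows = [X[i] for i in range(split) if y[i] == c]
        cent[c] = [sum(r[j] for r in rows) / len(rows) for j in cols]
    wrong = 0
    for i in range(split, len(X)):
        dist = {c: sum((X[i][j] - m) ** 2 for j, m in zip(cols, cent[c])) for c in (0, 1)}
        wrong += min(dist, key=dist.get) != y[i]
    return wrong / (len(X) - split)

def fitness(mask, X, y, split, alpha=0.99):
    # Assumed wrapper objective: mostly error, plus a small penalty per kept feature.
    return alpha * error_rate(mask, X, y, split) + (1 - alpha) * sum(mask) / len(mask)

def gwo_select(X, y, split, wolves=8, iters=30, seed=1):
    rng, d = random.Random(seed), len(X[0])
    to_mask = lambda pos: [p > 0.5 for p in pos]
    score = lambda pos: fitness(to_mask(pos), X, y, split)
    # One wolf starts at "all features" so the result is never worse than no selection.
    pack = [[1.0] * d] + [[rng.random() for _ in range(d)] for _ in range(wolves - 1)]
    best = min(pack, key=score)
    for t in range(iters):
        a = 2 - 2 * t / iters                      # exploration factor decays 2 -> 0
        leaders = sorted(pack, key=score)[:3]      # alpha, beta, delta wolves
        def move(w, j):                            # average of the three leader-guided steps
            steps = [L[j] - (2 * a * rng.random() - a) * abs(2 * rng.random() * L[j] - w[j]) for L in leaders]
            return min(1.0, max(0.0, sum(steps) / 3))
        pack = [[move(w, j) for j in range(d)] for w in pack]
        best = min(pack + [best], key=score)
    return to_mask(best)

if __name__ == "__main__":
    X, y = make_data(random.Random(0))
    print([j for j, keep in enumerate(gwo_select(X, y, split=80)) if keep])
```

Because the wrapper scores every candidate mask by retraining and re-evaluating the classifier, the held-out split used inside `fitness` should be kept separate from any final test set when reporting detection accuracy.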
