Abstract

Detecting botnet threats has been an ongoing research endeavor. Machine Learning (ML) techniques have been widely used for botnet detection with flow-based features. The prime challenges with flow-based features are that they carry high computational overhead and do not fully capture network communication patterns. Recently, graph-based ML has witnessed a dramatic increase in attention. In communication networks, graph data offers insight into the communication patterns between hosts. In this paper, we propose a graph-based ML model for botnet detection that first assesses the significance of graph features and then builds a generalized model for detecting botnets from the selected important features. We explore different feature sets selected using five filter-based feature evaluation measures derived from theories such as consistency, correlation, and information. Two heterogeneous botnet datasets, CTU-13 and IoT-23, were used to evaluate the effectiveness of the proposed graph-based botnet detection with several supervised ML algorithms. Experimental results show that using the selected features reduces training time and model complexity while providing a high bot detection rate. Our proposed detection model detects different botnet families and exhibits robustness to zero-day attacks. Compared to state-of-the-art flow-based and graph-based techniques, our approach achieves higher precision and shows competitive accuracy.
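The pipeline the abstract describes (aggregate flows into a host communication graph, derive per-host graph features, score them with a filter measure, keep the strongest) as an added illustration that is not the paper's own code. It assumes four simple graph features (in/out degree over distinct peers, in/out byte volume) and information gain with a median split as the information-based filter; the flow records and bot labels are constructed, not taken from CTU-13 or IoT-23.

```python
import math
import statistics
from collections import Counter, defaultdict

# Constructed flow records (src_host, dst_host, bytes); hypothetical sample, not real dataset rows.
FLOWS = [
    ("10.0.0.5", "10.0.0.1", 120), ("10.0.0.5", "10.0.0.2", 130),
    ("10.0.0.5", "10.0.0.3", 110), ("10.0.0.5", "10.0.0.4", 125),
    ("10.0.0.6", "10.0.0.1", 140), ("10.0.0.6", "10.0.0.2", 135),
    ("10.0.0.6", "10.0.0.3", 128), ("10.0.0.6", "10.0.0.4", 122),
    ("10.0.0.1", "10.0.0.9", 5000), ("10.0.0.2", "10.0.0.9", 4200),
    ("10.0.0.3", "10.0.0.1", 800), ("10.0.0.4", "10.0.0.9", 3100),
]
# Constructed ground truth per host: 1 = bot, 0 = benign.
LABELS = {"10.0.0.5": 1, "10.0.0.6": 1, "10.0.0.1": 0, "10.0.0.2": 0,
          "10.0.0.3": 0, "10.0.0.4": 0, "10.0.0.9": 0}
FEATURES = ("in_deg", "out_deg", "in_bytes", "out_bytes")

def host_graph_features(flows):
    """Build a directed host graph from flows and return per-host graph features:
    degree counted over distinct peers, plus byte volume in each direction."""
    peers_in, peers_out = defaultdict(set), defaultdict(set)
    byt = defaultdict(lambda: {"in_bytes": 0, "out_bytes": 0})
    for src, dst, nbytes in flows:
        peers_out[src].add(dst)
        peers_in[dst].add(src)
        byt[src]["out_bytes"] += nbytes
        byt[dst]["in_bytes"] += nbytes
    hosts = set(peers_in) | set(peers_out)
    return {h: {"in_deg": len(peers_in[h]), "out_deg": len(peers_out[h]),
                **byt[h]} for h in hosts}

def entropy(labels):
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(feats, labels, name):
    """Information-based filter score: label entropy minus the conditional entropy
    after splitting hosts on whether the feature exceeds its median (assumed discretisation)."""
    hosts = list(labels)
    cut = statistics.median(feats[h][name] for h in hosts)
    above = [labels[h] for h in hosts if feats[h][name] > cut]
    below = [labels[h] for h in hosts if feats[h][name] <= cut]
    cond = sum(len(g) / len(hosts) * entropy(g) for g in (above, below) if g)
    return entropy([labels[h] for h in hosts]) - cond

def rank_features(flows, labels):
    """Score every graph feature and return (feature, gain) pairs, best first."""
    feats = host_graph_features(flows)
    return sorted(((f, information_gain(feats, labels, f)) for f in FEATURES),
                  key=lambda kv: -kv[1])
```

On this sample the two bots fan out to many peers with small flows, so out-degree alone separates them (gain equal to the label entropy) while in-degree carries little signal; a real run would apply the same scoring to far more hosts and features before training the classifier.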

Highlights

  • In recent years, there has been an increase in demand for cybersecurity and defense against various forms of cyber-attacks

  • Cybersecurity has recently attracted a lot of attention due to the popularity of Internet of Things (IoT), the exponential development of computer networks, and the large number of applications used by individuals or groups for personal or industrial purposes

  • In this paper, we present a graph-based, Machine Learning (ML) security model for botnet detection that first considers the importance of graph features and then builds a generalized model for detecting botnets from the selected important features, to address the aforementioned limitations


Introduction

In recent years, there has been an increase in demand for cybersecurity and defense against various forms of cyber-attacks. Malicious software (malware) attacks are progressively increasing. A significant amount of research has been conducted in the field of cybersecurity to detect and prevent botnets and botnet-driven attacks. Numerous botnet detection techniques have been developed, which can be broadly categorized as signature-based and anomaly-based [3]. Signature-based techniques detect intrusions based on predefined attack patterns (signatures). Signature-based IDSs are able to efficiently detect known threats and generally scale well. Many researchers have implemented signature-based IDSs [19]–[21]. Signature-based approaches become obsolete against new or modified attacks. Signature-based detection requires consistent database updates, as it relies mainly on known attack signatures.
