Abstract

In 2021, more than 80 million data records were breached by cyber attackers, most of them through ransomware and other cyber-attacks. Attackers use various methods against individual users, but to breach an organization they rely on botnets. A botnet (robot network) is a network of malware-infected machines controlled by a single attacker, the bot-herder. The attacker infects many users with a malware script delivered through mediums such as email and spam, and takes command and control (C&C) of each victim's device. From these devices the attacker forms a network and mounts large-scale attacks, such as distributed denial-of-service (DDoS), against an organization in order to breach its data. The difficult task for the cybersecurity analyst is to find the bot-herder and the infected network. Botnet structures have become very diverse nowadays; botnets can be identified by their peer-to-peer (P2P) structure, by signature detection, by behavioural analysis, by domain names (DNS) and by network traffic. To make the analysis of these different features easier, artificial intelligence (AI) has been introduced into cyber security: data from previous attacks are collected and used to train a model that helps predict future attacks. AI-based detection of the domain names of core C&C servers is widely used today. This research focuses mainly on detecting botnet malware from the NetFlow records of malware packets. The botnet attack datasets are collected from sources such as the Czech Technical University (CTU-13) and Information Security and Object Technology (ISOT) datasets. Bidirectional NetFlow data and counts computed over the network packets are used as features. The dataset is trained and tested using algorithms such as support vector machine (SVM), decision tree and multi-layer perceptron. After training and testing, the decision tree model achieves good accuracy and performance metrics of 92%. This model is considered the best-fit model and helps in detecting malware packets.
The research's objective is to build an alerting system that reports as soon as a malware packet intrudes into a network.
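The pipeline the abstract describes, as an added example that is not the thesis's code: bidirectional flow records are turned into per-flow features (duration, packet and byte counts, bytes per packet, packet-direction ratio), a small Gini-based decision tree is trained on them, accuracy, precision and recall are computed, and any flow the tree labels as botnet raises an alert. The flow records are constructed for illustration and are not drawn from CTU-13 or ISOT; the feature set, the sample values and the minimal CART learner (written out rather than taken from a library) are all assumptions made here.

```python
# Added example: net-flow botnet detection pipeline (not the thesis's code).
# Bidirectional flow records -> per-flow features -> decision tree -> metrics and alerts.
from collections import Counter
from typing import Dict, List, Sequence, Tuple

FEATURE_NAMES = ["duration", "packets", "bytes", "bytes_per_pkt", "pkt_ratio"]

# Constructed bidirectional flows (NOT CTU-13 or ISOT data), one tuple per flow:
# (duration_s, src_pkts, dst_pkts, src_bytes, dst_bytes, label); label 1 = botnet C&C, 0 = benign.
TRAINING_FLOWS: List[Tuple[float, int, int, int, int, int]] = [
    (0.30, 4, 4, 320, 280, 1),          # C&C beacons: short, few small packets
    (0.45, 5, 5, 410, 350, 1),
    (0.25, 3, 3, 260, 220, 1),
    (0.50, 6, 5, 480, 400, 1),
    (0.35, 4, 4, 340, 300, 1),
    (3.20, 40, 60, 4200, 72000, 0),     # web downloads: long, large server packets
    (8.50, 120, 200, 9000, 250000, 0),
    (1.80, 25, 35, 2800, 38000, 0),
    (0.02, 1, 1, 60, 100, 0),           # DNS lookups: tiny and very short
    (0.03, 1, 1, 65, 210, 0),
    (0.04, 2, 2, 140, 300, 0),
]

def flow_features(flow: Sequence[float]) -> List[float]:
    """Numeric features derived from both directions of one flow (label, if present, ignored)."""
    duration, src_pkts, dst_pkts, src_bytes, dst_bytes = flow[:5]
    pkts = src_pkts + dst_pkts
    total = src_bytes + dst_bytes
    return [duration, pkts, total, total / max(pkts, 1), src_pkts / max(dst_pkts, 1)]

def gini(labels: Sequence[int]) -> float:
    """Gini impurity of a label multiset; 0.0 means the set is pure."""
    n = len(labels)
    if n == 0:
        return 0.0
    return 1.0 - sum((count / n) ** 2 for count in Counter(labels).values())

def best_split(X: List[List[float]], y: List[int]):
    """Try every midpoint threshold on every feature; return (weighted gini, feature, threshold)."""
    best = (float("inf"), None, None)
    n = len(y)
    for f in range(len(FEATURE_NAMES)):
        values = sorted({row[f] for row in X})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            left = [lab for row, lab in zip(X, y) if row[f] <= thr]
            right = [lab for row, lab in zip(X, y) if row[f] > thr]
            score = len(left) / n * gini(left) + len(right) / n * gini(right)
            if score < best[0]:            # strict '<' keeps the earliest feature on ties
                best = (score, f, thr)
    return best

def build_tree(X: List[List[float]], y: List[int], depth: int = 0, max_depth: int = 4) -> Dict:
    """Recursive CART-style learner returning nested dicts; leaves hold the majority label."""
    majority = Counter(y).most_common(1)[0][0]
    if gini(y) == 0.0 or depth >= max_depth or len(y) < 2:
        return {"leaf": majority}
    score, f, thr = best_split(X, y)
    if f is None or score >= gini(y):      # no threshold reduces impurity: stop here
        return {"leaf": majority}
    left = [i for i, row in enumerate(X) if row[f] <= thr]
    right = [i for i, row in enumerate(X) if row[f] > thr]
    return {"feature": f, "threshold": thr,
            "left": build_tree([X[i] for i in left], [y[i] for i in left], depth + 1, max_depth),
            "right": build_tree([X[i] for i in right], [y[i] for i in right], depth + 1, max_depth)}

def predict(tree: Dict, feats: List[float]) -> int:
    node = tree
    while "leaf" not in node:
        node = node["left"] if feats[node["feature"]] <= node["threshold"] else node["right"]
    return node["leaf"]

def evaluate(tree: Dict, flows) -> Dict[str, float]:
    """Accuracy, precision and recall over labelled flows (label at index 5)."""
    tp = fp = fn = correct = 0
    for flow in flows:
        pred, label = predict(tree, flow_features(flow)), flow[5]
        correct += int(pred == label)
        tp += int(pred == 1 and label == 1)
        fp += int(pred == 1 and label == 0)
        fn += int(pred == 0 and label == 1)
    return {"accuracy": correct / len(flows),
            "precision": tp / max(tp + fp, 1),
            "recall": tp / max(tp + fn, 1)}

def alert_on_flows(tree: Dict, observed: Dict[str, Sequence[float]]) -> List[str]:
    """The alerting step: one message per observed (unlabelled) flow the model labels as botnet."""
    return [f"ALERT botnet-like flow {flow_id}: features={flow_features(rec)}"
            for flow_id, rec in observed.items() if predict(tree, flow_features(rec)) == 1]

if __name__ == "__main__":
    tree = build_tree([flow_features(f) for f in TRAINING_FLOWS], [f[5] for f in TRAINING_FLOWS])
    print("root split:", FEATURE_NAMES[tree["feature"]], "<=", tree["threshold"])
    print("training metrics:", evaluate(tree, TRAINING_FLOWS))
    # Constructed unlabelled flows standing in for a live NetFlow export.
    live = {"10.0.0.7->198.51.100.9:443": (0.40, 5, 4, 400, 320),
            "10.0.0.7->10.0.0.53:53": (0.03, 1, 1, 60, 120)}
    for msg in alert_on_flows(tree, live):
        print(msg)
```

On the constructed flows the learner's root split lands on bytes per packet and a second split on duration separates the short DNS lookups from the beacons, so all training flows are classified correctly; that 100% is an artefact of a tiny hand-made sample and is not comparable with the 92% the abstract reports on CTU-13 and ISOT. The same `evaluate` and `alert_on_flows` functions would be applied unchanged to real bidirectional NetFlow exports once parsed into the tuple layout above.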
