Abstract

The high costs generated by attacks and the increasing number of different devices on the Internet and the Internet of Things (IoT) drive the early detection of botnets (i.e., networks of infected devices) as a way to gain an advantage against attacks. However, early botnet detection is challenging because of the continuous mutation and sophistication of botnets and the massive data volume, the last of which results mainly from sensor networks and the IoT. The literature addresses botnets by modeling the behavior of malware spread, classifying malicious traffic, and analyzing traffic anomalies. This paper presents ANTE, a system for ANTicipating botnEts signals based on machine learning algorithms. The ANTE design allows it to adapt to different scenarios by learning to detect different types of botnets throughout its execution. Hence, ANTE autonomously selects the most appropriate machine learning pipeline for each type of botnet to maximize correct classification before an attack effectively begins. The evaluation compares ANTE's results with others from the literature on three datasets: ISOT HTTP Botnet, CTU-13, and CICDDoS2019. Results show an average accuracy of 99.87% and an average botnet detection precision of 100%.
