Abstract

The threats posed by botnets are a growing concern as more computers are infected every day. Although botnets can be detected from their behavioral patterns, the margin between the behavior of malicious traffic and that of legitimate traffic is diminishing as technology advances, because malicious traffic has learned to follow the behavioral patterns of benign traffic. The detection of malicious traffic depends largely on the traffic characteristics that are fed to the detection algorithm. Selecting the best features for effective botnet detection is still in its infancy and is the main contribution of this paper. We first enumerate the different features used in the botnet detection process. We then propose several heuristics for selecting the best features from this set. Some of the proposed heuristics are flat feature-based and some are group-based, yielding different levels of accuracy. We also analyze the time complexity of each heuristic and provide a comprehensive performance comparison. As working with all combinations of a large number of features is infeasible and intractable, some of the proposed heuristics group the features by the similarity of their patterns and check all combinations only within each small group, improving the time complexity by a large margin. Through experiments, we show the efficacy of the proposed feature selection heuristics. The results show that some heuristics outperform state-of-the-art feature selection algorithms.
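As an added illustration, not code from the paper (the abstract does not give the paper's own grouping rule or scoring function), the following Python reconstructs the group-based idea: features are grouped by the similarity of their patterns, using absolute Pearson correlation as an assumed similarity measure, and only the subsets inside each small group are scored exhaustively, with an assumed mRMR-style relevance-minus-redundancy filter score over constructed per-flow features.

```python
from itertools import combinations
from math import sqrt

# Constructed per-flow features: 8 flows, first 4 benign, last 4 botnet (toy values, not real traffic).
FEATURES = {
    "pkts":      [10, 12, 11, 13, 40, 45, 42, 50],
    "bytes":     [1000, 1200, 1100, 1300, 4000, 4500, 4200, 5000],  # tracks pkts
    "duration":  [5, 50, 7, 60, 6, 55, 8, 65],                       # noisy, weak signal
    "dst_ports": [1, 9, 2, 8, 30, 10, 35, 12],
    "uniq_dsts": [2, 10, 3, 9, 31, 11, 36, 13],                      # tracks dst_ports
    "interval":  [3.1, 2.9, 3.0, 3.2, 0.9, 1.1, 1.0, 0.8],           # inversely tracks pkts
}
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]  # 1 = botnet flow

def pearson(a, b):
    """Pearson correlation of two equal-length sequences (0.0 if either is constant)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va, vb = sum((x - ma) ** 2 for x in a), sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0

def group_by_similarity(features, threshold=0.9):
    """Greedy grouping (assumed rule): join the first group whose seed feature has |r| >= threshold, else seed a new group."""
    groups = []
    for name, values in features.items():
        for g in groups:
            if abs(pearson(values, features[g[0]])) >= threshold:
                g.append(name)
                break
        else:
            groups.append([name])
    return groups

def subset_score(names, features, labels):
    """mRMR-style score (assumed): mean |corr(feature, label)| minus mean pairwise |corr| in the subset (0 for singletons)."""
    relevance = sum(abs(pearson(features[n], labels)) for n in names) / len(names)
    pairs = list(combinations(names, 2))
    redundancy = sum(abs(pearson(features[a], features[b])) for a, b in pairs) / len(pairs) if pairs else 0.0
    return relevance - redundancy

def select_features(features, labels, threshold=0.9):
    """Exhaustive subset search inside each small group only; returns (chosen features, subsets scored)."""
    chosen, scored = [], 0
    for g in group_by_similarity(features, threshold):
        candidates = [s for k in range(1, len(g) + 1) for s in combinations(g, k)]
        scored += len(candidates)  # 2^|g| - 1 per group instead of 2^n - 1 overall
        chosen.extend(max(candidates, key=lambda s: subset_score(s, features, labels)))
    return chosen, scored

if __name__ == "__main__":
    chosen, scored = select_features(FEATURES, LABELS)
    print(chosen, scored, "subsets scored vs", 2 ** len(FEATURES) - 1, "for a full exhaustive search")
```

With these six features the grouped search scores 11 subsets instead of 63, and each group of redundant features collapses to a single representative.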
