A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems
In smart systems, attackers can use botnets to launch different cyber attack activities against the Internet of Things. The traditional methods of detecting botnets commonly used machine learning algorithms, and it is difficult to detect and control botnets in a network because of unbalanced traffic...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2022-03-01
|
| Series: | International Journal of Distributed Sensor Networks |
| Online Access: | https://doi.org/10.1177/15501477211049910 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832553149235200000 |
|---|---|
| author | Li Duan Jingxian Zhou You Wu Wenyao Xu |
| author_facet | Li Duan Jingxian Zhou You Wu Wenyao Xu |
| author_sort | Li Duan |
| collection | DOAJ |
| description | In smart systems, attackers can use botnets to launch different cyber attack activities against the Internet of Things. The traditional methods of detecting botnets commonly used machine learning algorithms, and it is difficult to detect and control botnets in a network because of unbalanced traffic data. In this article, we present a novel and highly efficient botnet detection method based on an autoencoder neural network in cooperation with decision trees on a given network. The deep flow inspection method and statistical analysis are first applied as a feature selection technique to select relevant features, which are used to characterize the communication-related behavior between network nodes. Then, the autoencoder neural network for feature selection is used to improve the efficiency of model construction. Finally, Tomek-Recursion Borderline Synthetic Minority Oversampling Technique generates additional minority samples to achieve class balance, and an improved gradient boosting decision tree algorithm is used to train and establish an abnormal traffic detection model to improve the detection of unbalanced botnet data. The results of experiments on the ISCX-botnet traffic dataset show that the proposed method achieved better botnet detection performance with 99.10% recall, 99.20% accuracy, 99.1% F1 score, and 99.0% area under the curve. |
| format | Article |
| id | doaj-art-c1352059f8a24dd9b2394c831b7402f9 |
| institution | Kabale University |
| issn | 1550-1477 |
| language | English |
| publishDate | 2022-03-01 |
| publisher | Wiley |
| record_format | Article |
| series | International Journal of Distributed Sensor Networks |
| spelling | doaj-art-c1352059f8a24dd9b2394c831b7402f92025-02-03T05:55:25ZengWileyInternational Journal of Distributed Sensor Networks1550-14772022-03-011810.1177/15501477211049910A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systemsLi Duan0Jingxian Zhou1You Wu2Wenyao Xu3Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing, ChinaInformation Security Evaluation Center, Civil Aviation University of China, Tianjin, ChinaSino-European Institute of Aviation Engineering, Civil Aviation University of China, Tianjin, ChinaBeijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing, ChinaIn smart systems, attackers can use botnets to launch different cyber attack activities against the Internet of Things. The traditional methods of detecting botnets commonly used machine learning algorithms, and it is difficult to detect and control botnets in a network because of unbalanced traffic data. In this article, we present a novel and highly efficient botnet detection method based on an autoencoder neural network in cooperation with decision trees on a given network. The deep flow inspection method and statistical analysis are first applied as a feature selection technique to select relevant features, which are used to characterize the communication-related behavior between network nodes. Then, the autoencoder neural network for feature selection is used to improve the efficiency of model construction. Finally, Tomek-Recursion Borderline Synthetic Minority Oversampling Technique generates additional minority samples to achieve class balance, and an improved gradient boosting decision tree algorithm is used to train and establish an abnormal traffic detection model to improve the detection of unbalanced botnet data. The results of experiments on the ISCX-botnet traffic dataset show that the proposed method achieved better botnet detection performance with 99.10% recall, 99.20% accuracy, 99.1% F1 score, and 99.0% area under the curve.https://doi.org/10.1177/15501477211049910 |
| spellingShingle | Li Duan Jingxian Zhou You Wu Wenyao Xu A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems International Journal of Distributed Sensor Networks |
| title | A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems |
| title_full | A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems |
| title_fullStr | A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems |
| title_full_unstemmed | A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems |
| title_short | A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems |
| title_sort | novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems |
| url | https://doi.org/10.1177/15501477211049910 |
| work_keys_str_mv | AT liduan anovelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT jingxianzhou anovelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT youwu anovelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT wenyaoxu anovelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT liduan novelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT jingxianzhou novelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT youwu novelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems AT wenyaoxu novelandhighlyefficientbotnetdetectionalgorithmbasedonnetworktrafficanalysisofsmartsystems |