Skip to main content
SpringerLink
Log in

Performance evaluation of Botnet DDoS attack detection using machine learning

  • Special Issue
  • Published:
Evolutionary Intelligence Aims and scope Submit manuscript

Abstract

Botnet is regarded as one of the most sophisticated vulnerability threats nowadays. A large portion of network traffic is dominated by Botnets. Botnets are conglomeration of trade PCs (Bots) which are remotely controlled by their originator (BotMaster) under a Command and-Control (C&C) foundation. They are the keys to several Internet assaults like spams, Distributed Denial of Service Attacks (DDoS), rebate distortions, malwares and phishing. To over the problem of DDoS attack, various machine learning methods typically Support Vector Machine (SVM), Artificial Neural Network (ANN), Naïve Bayes (NB), Decision Tree (DT), and Unsupervised Learning (USML) (K-means, X-means etc.) were proposed. With the increasing popularity of Machine Learning in the field of Computer Security, it will be a remarkable accomplishment to carry out performance assessment of the machine learning methods given a common platform. This could assist developers in choosing a suitable method for their case studies and assist them in further research. This paper performed an experimental analysis of the machine learning methods for Botnet DDoS attack detection. The evaluation is done on the UNBS-NB 15 and KDD99 which are well-known publicity datasets for Botnet DDoS attack detection. Machine learning methods typically Support Vector Machine (SVM), Artificial Neural Network (ANN), Naïve Bayes (NB), Decision Tree (DT), and Unsupervised Learning (USML) are investigated for Accuracy, False Alarm Rate (FAR), Sensitivity, Specificity, False positive rate (FPR), AUC, and Matthews correlation coefficient (MCC) of datasets. Performance of KDD99 dataset has been experimentally shown to be better as compared to the UNBS-NB 15 dataset. This validation is significant in computer security and other related fields.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Al-Jarrah OY, Alhussein O, Yoo PD, Muhaidat S, Taha K, Kim K (2016) Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Trans Cybern 46(8):1796–1806

    Article  Google Scholar 

  2. Bhushan K, Gupta BB (2018) Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment. J Ambient Intell Humaniz Comput. https://doi.org/10.1007/s12652-018-0800-9

    Article  Google Scholar 

  3. Tom Ball (2018) Malicious Botnets responsible for 40% of global login attempts. https://www.cbronline.com/news/malicious-Botnets-login

  4. Nadji Y, Antonakakis M, Perdisci R, Dagon D, Lee W (2013) Beheading hydras: performing effective Botnet takedowns. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security, pp 121–132

  5. Cao N, Li G, Zhu P, Sun Q, Wang Y, Li J, Zhao Y (2018) Handling the adversarial attacks. J Ambient Intell Humaniz Comput 1–15

  6. Singh K, Guntuku SC, Thakur A, Hota C (2014) Big data analytics framework for peer-to-peer Botnet detection using random forests. Inf Sci 278:488–497

    Article  Google Scholar 

  7. Karim A, Salleh RB, Shiraz M, Shah SAA, Awan I, Anuar NB (2014) Botnet detection techniques: review, future trends, and issues. J Zhejiang Univ Sci C 15(11):943–983

    Article  Google Scholar 

  8. Pillutla H, Arjunan A (2018) Fuzzy self organizing maps-based DDoS mitigation mechanism for software defined networking in cloud computing. J Ambient Intell Humaniz Comput. https://doi.org/10.1007/s12652-018-0754-y

    Article  Google Scholar 

  9. Beitollahi H, Deconinck G (2014) Connection score: a statistical technique to resist application-layer ddos attacks. J Ambient Intell Humaniz Comput 5(3):425–442

    Article  Google Scholar 

  10. Rodríguez-Gómez RA, Maciá-Fernández G, García-Teodoro P (2013) Survey and taxonomy of Botnet research through life-cycle. ACM Comput Surv (CSUR) 45(4):45

    Article  Google Scholar 

  11. Reza M, Sobouti M, Raouf S, Javidan R (2016) Network traffic classification using machine learning techniques over software defined networks. Int J Adv Comput Sci Appl 8(7):220–225

    Google Scholar 

  12. Jha S, Kumar R, Son L, Abdel-Basset M, Priyadarshini I, Sharma R, Long H (2019) Deep learning approach for software maintainability metrics prediction. IEEE Access 7:61840–61855

    Article  Google Scholar 

  13. Pritam N, Khari M, Son L, Kumar R, Jha S, Priyadarshini I, Abdel-Basset M, Long H (2019) Assessment of code smell for predicting class change proneness using machine learning. IEEE Access 7:37414–37425

    Article  Google Scholar 

  14. Hoang X, Nguyen Q (2018) Botnet detection based on machine learning techniques using DNS query data. Future Internet MDPI 10(5):43

    Article  Google Scholar 

  15. Zekri M, Kafhali S, Aboutabit N, Saadi Y (2017) DDoS attack detection using machine learning techniques in cloud computing environments. In: 3rd international conference of cloud computing technologies and applications (CloudTech), pp 1–7. https://doi.org/10.1109/cloudtech.2017.8284731

  16. Different types of bots. Retrieved from https://www.honeynet.org/book/export/html/53

  17. Sarwar S, Zahoory A, Zahra A, Tariq S, Ahmed A (2014) BOTNET—threats and countermeasures. Int J Sci Res Develop 1(12):2682–2683

    Google Scholar 

  18. Gu G, Yegneswaran V, Porras P, Stoll J, Lee W (2009) Active Botnet probing to identify obscure command and control channels. In: Annual computer security applications conference, IEEE, pp 1–13

  19. Erbacher R, Cutler A, Banerjee P, Marshall J (2008) A multi-layered approach to Botnet detection. In: 2007, proceedings of the 2008 international conference on security & management, SAM, 30:1–308

  20. Wolff R, Hobert S, Schumann M (2019) How may i help you?—state of the art and open research questions for chatbots at the digital workplace. In: Hawaii international conference on system sciences, pp 95–104

  21. Lu W, Tavallaee M, Ghorbani A (2009) Automatic discovery of Botnet communities on large-scale communication networks. In: Proceedings of the 4th international symposium on information, computer, and communications security, pp 1–10

  22. Gupta S, Borkar D, Mello C, Patil S (2015) An E-commerce website based chatbot. Int J Comput Sci Inf Technol 6(2):1483–1485

    Google Scholar 

  23. Ceron J, Jessen K, Hoepers C, Granville L, Margi C (2019) Improving IoT Botnet investigation using an adaptive network layer. Sens MDPI 19(3):727

    Article  Google Scholar 

  24. Andriesse D, Rossow C, Stone-Gross B, Plohmann D, Bos H (2013) Highly resilient peer-to-peer Botnets are here: an analysis of Gameover Zeus. In: 2013 8th international conference on malicious and unwanted software [proceedings]: “The Americas”, MALWARE 2013. [6703693], ACM, IEEE Computer Society, Fajardo, pp 116–123

  25. John J, Moshchuk A, Gribble S, Krishnamurthy A (2009) Studying spamming Botnets using Botlab. In: Proceedings of the 6th USENIX symposium on Networked systems design and implementation, pp 291–306

  26. Boshmaf Y, Muslukhov I, Beznosov K, Ripeanu M (2013) Design and analysis of a social Botnet. Comput Netw 57(2):556–578

    Article  Google Scholar 

  27. Alomari E, Manickam S, Gupta BB, Karuppayah S, Alfaris R (2012) Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art. Preprint arXiv:1208.0403

  28. Zhao D, Traore I, Ghorbani A, Sayed B, Saad S, Lu W (2012) Peer to peer Botnet detection based on flow intervals. Inf Secur Priv Res 87–102

  29. Garasia SS, Rana DP, Mehta RG (2012) HTTP Botnet detection using frequent patternset mining. Proc Int J Eng Sci Adv Technol 2:619–624

    Google Scholar 

  30. Bilge L, Balzarotti D, Robertson W, Kirda E, Kruegel C (2012) Disclosure: detecting Botnet command and control servers through large-scale net flow analysis. In: Proceedings of the 28th annual computer security applications conference, ACM, pp 129–138

  31. Thapngam T, Yu S, Zhou W, Makki S (2012) Distributed Denial of service (DDoS) detection by traffic pattern analysis. In: Peer-to-Peer networking and applications December 2014, Springer, Vol 7, Issue 4, pp 346–358

  32. Feizollah A, Anuar NB, Salleh R, Amalina F, Shamshirband S (2013) A study of machine learning classifiers for anomaly-based mobile Botnet detection. Malaysian J Comput Sci 26(4):251–265

    Google Scholar 

  33. Zhao D, Traore I, Sayed B, Lu W, Saad S, & Ghorbani A, Garant D (2013) Botnet detection based on traffic behavior analysis and flow intervals. Comput Secur 39:2–16. https://doi.org/10.1016/j.cose.2013.04.007

    Article  Google Scholar 

  34. Khattak S, Ramay NR, Khan KR, Syed AA, Khayam SA (2014) A taxonomy of Botnet behavior, detection, and defense. IEEE Commun Surv Tutor 16(2):898–924

    Article  Google Scholar 

  35. Lim S, Ha J, Kim H, Kim Y, Yang S (2014) A SDN-oriented DDoS blocking scheme for Botnet-based attacks. In: 2014 6th international conference on ubiquitous and future networks (ICUFN), IEEE, pp 63–68

  36. Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutor 17(4):2242–2270

    Article  Google Scholar 

  37. Sieklik B, Macfarlane R, Buchanan WJ (2016) Evaluation of TFTP DDoS amplification attack. Comput Secur 57:67–92

    Article  Google Scholar 

  38. Stevanovic M, Pedersen JM (2016) On the use of machine learning for identifying Botnet network traffic. J Cyber Secur Mob 4(2):1–32

    Article  Google Scholar 

  39. Sahay R, Blanc G, Zhang Z, Debar H (2017) ArOMA: an SDN based autonomic DDoS mitigation framework. Comput Secur 70:1–18. https://doi.org/10.1016/j.cose.2017.07.008.

    Article  Google Scholar 

  40. Antonakakis M, April T, Bailey M, Bernhard M, Bursztein E, Cochran J, Kumar D (2017) Understanding the miraiBotnet. In: USENIX security symposium

  41. Wang TS, Lin HT, Cheng WT and Chen CY (2017) DBod: Clustering and detecting DGA-based botnets using DNS traffic analysis. Comput Secur 64:1–15

    Article  Google Scholar 

  42. Ali ST, Mc Corry P, Lee PHJ, Hao F (2017) Zombie Coin 2.0: managing next-generation Botnets using Bitcoin. Int J Inf Secur 1–12

  43. Anagnostopoulos M, Kambourakis G, Gritzalis S (2016) New facets of mobile Botnet: architecture and evaluation. Int J Inf Secur 15(5):455–473

    Article  Google Scholar 

  44. Kirubavathi G, Anitha R (2018) Structural analysis and detection of android Botnets using machine learning techniques. Int J Inf Secur 17(2):153–167

    Article  Google Scholar 

  45. Pillutla H, Arjunan A (2018) Fuzzy self organizing maps-based DDoS mitigation mechanism for software defined networking in cloud computing. J Ambient Intell Humaniz Comput 1–13

  46. Fok K, Zheng L, Watt K, Su L, Thing V (2018) Automated Botnet traffic detection via machine learning. In: Conference: TENCON 2018

  47. Homayoun S, Ahmadzadeh M, Hashemi S, Dehghantanha A, Khayami R (2018) BoTShark: a deep learning approach for Botnet traffic detection. In: Dehghantanha A, Conti M, Dargahi T (eds) Cyber threat intelligence advances in information security, vol 70. Springer, Cham

    Google Scholar 

  48. Koroniotis N (2017) Towards developing network forensic mechanism for Botnet activities in the IoT based on machine learning techniques. Preprint arXiv:1711.02825

  49. Nour M, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military communications and information systems conference (MilCIS), IEEE

  50. The CAIDA UCSD Dataset 2008-11-21 (2008) https://data.caida.org/datasets/security/telescope-3days-conficker/

  51. Evgeniou T, Pontil M (2000) Support vector machines: theory and applications. In: 2000, Machine learning and its applications, advanced Lectures, pp 249–257

    Chapter  Google Scholar 

  52. Shiruru K (2016) An introduction to artificial neural network. Int J Adv Res Innov Ideas Edu 1(5):27–30

    Google Scholar 

  53. Taheri S, Mammadov M (2013) Learning the naive Bayes classifier with optimization models. Int J Appl Math Comput Sci 23(4):787–795

    Article  MathSciNet  Google Scholar 

  54. Rokach L, Maimon O (2004) Decision Trees. The data mining and knowledge discovery handbook, In book, pp 165–192

    MATH  Google Scholar 

  55. Khanum MA, Mahboob T, Imtiaz W, Ghafoor HA, Sehar R (2015) A survey on unsupervised machine learning algorithms for automation, classification and maintenance. Int J Comput Appl 119(13):34–39

    Google Scholar 

  56. Rodríguez J, Pérez A, Lozano JA (2010) Sensitivity analysis of k-fold cross validation in prediction error estimation. IEEE Trans Pattern Anal Mach Intell 32:569–575

    Article  Google Scholar 

  57. Nour M, Slay J (2016) The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf Secur J A Glob Perspect 25(13):18–31

    Google Scholar 

  58. Son NTK, Dong NP, Son LH, Long HV (2019) Towards granular calculus of single-valued neutrosophic functions under granular computing. Multimed Tools Appl. https://doi.org/10.1007/s11042-019-7388-8

    Article  Google Scholar 

  59. Son NTK, Dong NP, Long HV, Son LH, Khastan A (2019) Linear quadratic regulator problem governed by granular neutrosophic fractional differential equations. ISA Trans. https://doi.org/10.1016/j.isatra.2019.08.006

    Article  Google Scholar 

  60. Khan MMT, Singh K, Son LH, Abdel-Basset M, Long HV, Singh SP (2019) A novel and comprehensive trust estimation clustering based approach for large scale wireless sensor networks. IEEE Access 7:58221–58240

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The People’s Police University of Technology and Logistics, Thuận Thành, Bac Ninh, Vietnam

    Tong Anh Tuan & Hoang Viet Long

  2. VNU Information Technology Institute, Vietnam National University, Hanoi, Vietnam

    Le Hoang Son

  3. Department of Computer Science and Engineering, LNCT College, Bhopal, India

    Raghvendra Kumar

  4. University of Delaware, Newark, DE, USA

    Ishaani Priyadarshini

  5. Division of Computational Mathematics and Engineering, Institute for Computational Science, Ton Duc Thang University, Ho Chi Minh City, Vietnam

    Nguyen Thi Kim Son

  6. Faculty of Mathematics and Statistics, Ton Duc Thang University, Ho Chi Minh City, Vietnam

    Nguyen Thi Kim Son

Authors
  1. Tong Anh Tuan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hoang Viet Long
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Le Hoang Son
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Raghvendra Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ishaani Priyadarshini
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Nguyen Thi Kim Son
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nguyen Thi Kim Son.

Ethics declarations

Conflict of interest

The authors declare that they do not have any conflict of interests.

Human and animal rights

This research does not involve any human or animal participation. All authors have checked and agreed the submission.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tuan, T.A., Long, H.V., Son, L.H. et al. Performance evaluation of Botnet DDoS attack detection using machine learning. Evol. Intel. 13, 283–294 (2020). https://doi.org/10.1007/s12065-019-00310-w

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12065-019-00310-w

Keywords

Search

Navigation