Abstract
Botnets are regarded as one of the most sophisticated threats today, and a large portion of network traffic is dominated by them. A botnet is a conglomeration of compromised PCs (bots) that are remotely controlled by their originator (the botmaster) through a command-and-control (C&C) infrastructure. Botnets are the key to several Internet attacks such as spam, Distributed Denial of Service (DDoS) attacks, rebate fraud, malware distribution and phishing. To overcome the problem of DDoS attacks, various machine learning methods, typically Support Vector Machine (SVM), Artificial Neural Network (ANN), Naïve Bayes (NB), Decision Tree (DT), and Unsupervised Learning (USML) (K-means, X-means, etc.), have been proposed. With the increasing popularity of machine learning in the field of computer security, a performance assessment of these methods on a common platform would be a remarkable accomplishment: it could assist developers in choosing a suitable method for their case studies and support further research. This paper performs an experimental analysis of machine learning methods for botnet DDoS attack detection. The evaluation is done on UNSW-NB15 and KDD99, which are well-known publicly available datasets for botnet DDoS attack detection. The machine learning methods SVM, ANN, NB, DT, and USML are investigated for Accuracy, False Alarm Rate (FAR), Sensitivity, Specificity, False Positive Rate (FPR), AUC, and Matthews correlation coefficient (MCC) on both datasets. Performance on the KDD99 dataset has been experimentally shown to be better than on the UNSW-NB15 dataset. This validation is significant in computer security and other related fields.
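The abstract names Accuracy, FAR, Sensitivity, Specificity, FPR, AUC and MCC but gives no formulas. The following added example (not code from the paper or its authors) computes all seven from a constructed set of ten scored flows, five attack and five normal, using the textbook confusion-matrix definitions; it goes slightly beyond the abstract in that AUC is computed threshold-free as the Mann-Whitney pair count rather than from a single confusion matrix. The FAR definition used, all misclassifications over all samples, is an assumption, since the paper's own definition is not on this page.

```python
"""Detection metrics for a binary IDS classifier (attack = 1, normal = 0).

Added example, not from the paper. The formulas are the textbook
confusion-matrix definitions; the paper does not state its own on this
page, so the FAR definition below is an assumption.
"""
import math


def confusion_counts(y_true, y_pred, positive=1):
    """Return (TP, FP, TN, FN), treating `positive` as the attack class."""
    tp = fp = tn = fn = 0
    for truth, pred in zip(y_true, y_pred):
        if pred == positive:
            if truth == positive:
                tp += 1
            else:
                fp += 1
        elif truth == positive:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def roc_auc(y_true, scores, positive=1):
    """Threshold-free AUC via the Mann-Whitney pair count.

    AUC is the probability that a random attack flow receives a higher
    score than a random normal flow; tied scores count one half.
    """
    pos = [s for t, s in zip(y_true, scores) if t == positive]
    neg = [s for t, s in zip(y_true, scores) if t != positive]
    if not pos or not neg:
        raise ValueError("AUC needs at least one sample of each class")
    wins = 0.0
    for p in pos:
        for n in neg:
            if p > n:
                wins += 1.0
            elif p == n:
                wins += 0.5
    return wins / (len(pos) * len(neg))


def detection_metrics(y_true, scores, threshold=0.5):
    """Score the classifier at `threshold` with the metrics named in the abstract."""
    y_pred = [1 if s >= threshold else 0 for s in scores]
    tp, fp, tn, fn = confusion_counts(y_true, y_pred)
    total = tp + fp + tn + fn

    def ratio(num, den):
        return num / den if den else 0.0  # guard against an empty class

    mcc_den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "TP": tp, "FP": fp, "TN": tn, "FN": fn,
        "accuracy": ratio(tp + tn, total),
        "sensitivity": ratio(tp, tp + fn),   # TPR / recall: attacks caught
        "specificity": ratio(tn, tn + fp),   # normal traffic left alone
        "FPR": ratio(fp, fp + tn),           # normal flows flagged as attack
        # FAR: assumed here to be all misclassifications over all samples,
        # a definition used by some IDS papers; the paper's own is not on this page.
        "FAR": ratio(fp + fn, total),
        "MCC": (tp * tn - fp * fn) / mcc_den if mcc_den else 0.0,
        "AUC": roc_auc(y_true, scores),
    }


# Constructed sample: 5 attack flows then 5 normal flows, with classifier scores.
SAMPLE_LABELS = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]
SAMPLE_SCORES = [0.9, 0.8, 0.7, 0.4, 0.6, 0.3, 0.5, 0.2, 0.1, 0.35]


def run_example():
    """Metrics for the constructed sample at the default 0.5 threshold."""
    return detection_metrics(SAMPLE_LABELS, SAMPLE_SCORES)


if __name__ == "__main__":
    for name, value in run_example().items():
        if isinstance(value, float):
            print(f"{name:>12}: {value:.3f}")
        else:
            print(f"{name:>12}: {value}")
```

On the constructed sample the 0.5 threshold yields TP=4, FP=1, TN=4, FN=1, so accuracy, sensitivity and specificity are all 0.8, FPR and FAR are 0.2, MCC is 0.6 and AUC is 0.96. Note that accuracy alone hides how a detector behaves on the rare attack class, which is why the abstract's metric set includes sensitivity, FPR and MCC alongside it.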
Ethics declarations
Conflict of interest
The authors declare that they do not have any conflict of interests.
Human and animal rights
This research does not involve any human or animal participation. All authors have checked and agreed the submission.
Cite this article
Tuan, T.A., Long, H.V., Son, L.H. et al. Performance evaluation of Botnet DDoS attack detection using machine learning. Evol. Intel. 13, 283–294 (2020). https://doi.org/10.1007/s12065-019-00310-w