Anomaly Based Peer-to-Peer Botnet Detectionusing Fuzzy-Neuronetwork
No Thumbnail Available
Date
10/10/2020
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Peer-to-Peer (P2P) botnets are considered as one of the most significant contributors to various malicious activities on the Internet. The denial of service attacks, spamming, keylogging, click fraud, traffic sniffing, stealing personal user information, for example credit card numbers, and social security numbers, are some of the illegal activities based on botnets. P2P botnets are networks of infected computing devices, called zombies or bots. These bots are remotely controlled and instructed by malicious entities commonly referred to as Botmasters or hackers. In recent years, lots of researchers have proposed a number of P2P botnet detection models, but due to the evolving nature of botnets, there is still a need for new techniques to identify recent botnets. Due to that, we propose a model that is able to distinguish genuine network traffic from malicious one by analyzing the network flow data using Fuzzy-Neuro Network (FNN).
The proposed model has the following components: Feature Extractor, Feature Selector, Dataset Constructor, Preprocessor, Classifier and P2P Botnet Detector. The feature extraction component extracts the network traffic-based feature vectors from the network traffic whereas the feature selection component selects vital features based on their information gain value. The next component which is the dataset constructor is used to convert the comma separated value (CSV) file into sets and help us to split the dataset as training (70%) and testing (30%) sets. Then, the major activities in the preprocessing component are data cleaning, data transformation and data reduction. Finally, the FNN classifier is utilized to classify the network traffic into P2P botnet and normal using the botnet detection module.
The feasibility of our proposed model has been validated through experiments using network traffic records acquired from two publicly available P2P botnet datasets Bot-IoT and UNSW-NB15. The datasets include both genuine and malicious network traffic. The evaluation result shows the proposed model is effective in detecting P2P botnets. Based on the evaluation results of our classifier, using Bot-IoT dataset, the model scored 100% for all evaluation metrics. Whereas, using the UNSW-NB15 dataset, the model scored highest classification accuracy of 99.9%, precision of 99.9% and recall of 100% with F-measure rate of 99.9%.
Description
Keywords
P2p Botnet Detection, Classification, Fuzzy-Neuro Network, Anomaly Detection