Anomaly Based Peer-to-Peer Botnet Detection using Fuzzy-Neuronetwork

Date

10/10/2020

Publisher

Addis Ababa University

Abstract

Peer-to-Peer (P2P) botnets are considered one of the most significant contributors to malicious activity on the Internet. Denial-of-service attacks, spamming, keylogging, click fraud, traffic sniffing, and theft of personal user information such as credit card numbers and social security numbers are some of the illegal activities based on botnets. P2P botnets are networks of infected computing devices, called zombies or bots. These bots are remotely controlled and instructed by malicious entities commonly referred to as botmasters or hackers. In recent years, researchers have proposed a number of P2P botnet detection models, but because botnets keep evolving, new techniques are still needed to identify recent botnets. We therefore propose a model that distinguishes genuine network traffic from malicious traffic by analyzing network flow data with a Fuzzy-Neuro Network (FNN). The proposed model has the following components: Feature Extractor, Feature Selector, Dataset Constructor, Preprocessor, Classifier and P2P Botnet Detector. The feature extraction component extracts network traffic-based feature vectors from the network traffic, whereas the feature selection component selects vital features based on their information gain value. The next component, the dataset constructor, converts the comma-separated value (CSV) file into sets and splits the dataset into training (70%) and testing (30%) sets. The major activities in the preprocessing component are data cleaning, data transformation and data reduction. Finally, the FNN classifier is used to classify the network traffic as P2P botnet or normal using the botnet detection module. The feasibility of the proposed model has been validated through experiments using network traffic records from two publicly available P2P botnet datasets, Bot-IoT and UNSW-NB15. The datasets include both genuine and malicious network traffic. The evaluation results show that the proposed model is effective in detecting P2P botnets. On the Bot-IoT dataset, the model scored 100% on all evaluation metrics. On the UNSW-NB15 dataset, the model scored a highest classification accuracy of 99.9%, precision of 99.9% and recall of 100%, with an F-measure of 99.9%.

Keywords

P2P Botnet Detection, Classification, Fuzzy-Neuro Network, Anomaly Detection