TY - GEN
T1 - Botnet Detection by including payload information of packets through machine learning
AU - Samarendranath, B.
AU - Dinesh Rao, B.
AU - Balachandra, M.
AU - Prathiksha,
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Botnets are collections of compromised devices manipulated by malicious entities. To safeguard against their varied and constantly evolving threats, it is essential to have sophisticated detection techniques in place. In this work, we investigate the utilization of machine learning methodologies for identifying botnets using CTU-13, a large repository that contains a wide range of botnet examples. By extracting features from the packet payloads and the header data, we are able to distinguish between botnet and harmless network traffic. We utilize a range of supervised machine learning techniques, including a Convolutional Neural Network (CNN), to identify botnet behavior. With rigorous evaluation, we see the nuanced performance of various machine learning models. In particular, we find that the naive Bayes classifier is very effective in detecting botnets, while CNN shows remarkable accuracy, especially when it is asked to classify botnet data converted to images. We also explore preprocessing techniques that improve the quality of textual data. This helps to improve feature extraction as well as model performance, emphasizing the importance of proper data preparation for cybersecurity analyses. These insights not only shed light on how effective machine learning can be in detecting botnets but also provide actionable recommendations for improving cyber security strategies.
AB - Botnets are collections of compromised devices manipulated by malicious entities. To safeguard against their varied and constantly evolving threats, it is essential to have sophisticated detection techniques in place. In this work, we investigate the utilization of machine learning methodologies for identifying botnets using CTU-13, a large repository that contains a wide range of botnet examples. By extracting features from the packet payloads and the header data, we are able to distinguish between botnet and harmless network traffic. We utilize a range of supervised machine learning techniques, including a Convolutional Neural Network (CNN), to identify botnet behavior. With rigorous evaluation, we see the nuanced performance of various machine learning models. In particular, we find that the naive Bayes classifier is very effective in detecting botnets, while CNN shows remarkable accuracy, especially when it is asked to classify botnet data converted to images. We also explore preprocessing techniques that improve the quality of textual data. This helps to improve feature extraction as well as model performance, emphasizing the importance of proper data preparation for cybersecurity analyses. These insights not only shed light on how effective machine learning can be in detecting botnets but also provide actionable recommendations for improving cyber security strategies.
UR - http://www.scopus.com/inward/record.url?scp=85207067864&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85207067864&partnerID=8YFLogxK
U2 - 10.1109/CISCON62171.2024.10696386
DO - 10.1109/CISCON62171.2024.10696386
M3 - Conference contribution
AN - SCOPUS:85207067864
T3 - 2024 Control Instrumentation System Conference: Guiding Tomorrow: Emerging Trends in Control, Instrumentation, and Systems Engineering, CISCON 2024
BT - 2024 Control Instrumentation System Conference
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 Control Instrumentation System Conference, CISCON 2024
Y2 - 2 August 2024 through 3 August 2024
ER -
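The abstract above sketches a pipeline (header and payload features, a naive Bayes baseline, payload bytes laid out as images for a CNN, text preprocessing) without giving the details. The following is an added, self-contained illustration of that pipeline written for this record; it is not code from the paper, and it does not use CTU-13. The eight training packets and two held-out packets are constructed by hand, the feature rules (port, protocol, length bucket, entropy bucket, case-folded alphabetic tokens from printable payloads) are the editor's choice, and the byte-per-pixel grayscale layout in `payload_to_image` is the common way of turning a payload into an image, assumed here rather than taken from the paper.

```python
"""Added illustration: header+payload features, naive Bayes, payload-to-image.

Constructed data, not CTU-13: hand-written HTTP packets stand in for benign
traffic; IRC-style C&C lines and one pseudo-random "encrypted beacon" stand
in for botnet traffic.
"""
import math
import re
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "sport dport proto payload")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for ASCII text, above 6 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_tokens(pkt: Packet) -> list:
    """Discrete features from header fields and payload bytes.

    Header: destination port and protocol. Payload: a length bucket, an
    entropy bucket and, only when the payload is mostly printable, the
    case-folded alphabetic runs of two or more characters (the text
    preprocessing step; binary payloads contribute no word tokens).
    """
    payload = pkt.payload
    tokens = [f"dport:{pkt.dport}", f"proto:{pkt.proto}",
              f"len:{min(len(payload) // 64, 8)}",
              f"entropy:{int(shannon_entropy(payload))}"]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload and printable / len(payload) > 0.9:
        words = re.findall(rb"[A-Za-z]{2,}", payload)
        tokens += ["tok:" + w.decode("ascii").lower() for w in words]
    return tokens


class MultinomialNB:
    """Multinomial naive Bayes with Laplace smoothing over the token bags."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.class_counts = Counter()   # label -> number of packets
        self.token_counts = {}          # label -> Counter of tokens
        self.vocab = set()

    def fit(self, packets, labels):
        for pkt, y in zip(packets, labels):
            toks = extract_tokens(pkt)
            self.class_counts[y] += 1
            self.token_counts.setdefault(y, Counter()).update(toks)
            self.vocab.update(toks)
        return self

    def log_posterior(self, pkt: Packet, y: str) -> float:
        lp = math.log(self.class_counts[y] / sum(self.class_counts.values()))
        tc = self.token_counts[y]
        denom = sum(tc.values()) + self.alpha * len(self.vocab)
        for t in extract_tokens(pkt):
            lp += math.log((tc[t] + self.alpha) / denom)  # unseen tokens get alpha/denom
        return lp

    def predict(self, pkt: Packet) -> str:
        return max(self.class_counts, key=lambda y: self.log_posterior(pkt, y))


def payload_to_image(payload: bytes, side: int = 16) -> list:
    """Truncate or zero-pad the payload to side*side bytes and lay it out
    row-major as a grayscale image, one byte per pixel (CNN input form)."""
    n = side * side
    buf = payload[:n].ljust(n, b"\x00")
    return [list(buf[r * side:(r + 1) * side]) for r in range(side)]


def _lcg_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted beacon."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


# Constructed training set (hypothetical packets, not CTU-13 records).
TRAIN = [
    (Packet(51000, 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"), "benign"),
    (Packet(80, 51000, "tcp", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"), "benign"),
    (Packet(51002, 80, "tcp", b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"), "benign"),
    (Packet(51003, 80, "tcp", b"GET /logo.png HTTP/1.1\r\nHost: static.example.com\r\n"), "benign"),
    (Packet(40000, 6667, "tcp", b"NICK bot9f3\r\nUSER bot 0 * :bot\r\n"), "bot"),
    (Packet(40000, 6667, "tcp", b"JOIN #cc\r\nPRIVMSG #cc :!update http://203.0.113.7/u.exe\r\n"), "bot"),
    (Packet(40000, 6667, "tcp", b"PRIVMSG #cc :!ddos 198.51.100.5 80\r\n"), "bot"),
    (Packet(40001, 4444, "tcp", _lcg_bytes(7, 200)), "bot"),
]


def train_demo_model() -> MultinomialNB:
    return MultinomialNB().fit([p for p, _ in TRAIN], [y for _, y in TRAIN])


def classify_heldout() -> dict:
    """Two constructed packets the model has not seen, one per class."""
    model = train_demo_model()
    held = {
        "http_get": Packet(51010, 80, "tcp", b"GET /about HTTP/1.1\r\nHost: www.example.com\r\n"),
        "irc_cmd": Packet(40002, 6667, "tcp", b"PRIVMSG #cc :!scan 192.168.0.0/24\r\n"),
    }
    return {name: model.predict(p) for name, p in held.items()}


if __name__ == "__main__":
    print(classify_heldout())
    print(payload_to_image(TRAIN[0][0].payload, side=8)[0])
```

The token bag is where header and payload information meet: the destination port and protocol are just more tokens next to the payload words, so the same smoothed counts serve both, and a binary beacon still leaves a usable signature through its length and entropy buckets even though it yields no words. `payload_to_image` is the feature side of the CNN variant; training the network itself is outside this example.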