Open Access Article

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

1 Center of Cyber Security, School of Computer Science & Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
2 College of Engineering, IT and Environment, Charles Darwin University, Casuarina 0810, Australia
* Author to whom correspondence should be addressed.
Appl. Sci. 2019, 9(11), 2375; https://doi.org/10.3390/app9112375
Received: 19 March 2019 / Revised: 22 April 2019 / Accepted: 24 April 2019 / Published: 11 June 2019
(This article belongs to the Section Computing and Artificial Intelligence)
In recent years, botnets have been among the most common threats to network security, since they exploit multiple kinds of malicious code such as worms, Trojans and rootkits. Botnets have been used to carry phishing links, to perform attacks and to provide malicious services on the Internet. Peer-to-peer (P2P) botnets are more challenging to identify than Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets, because P2P traffic shows features typical of both centralized and distributed communication. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method that applies machine learning classifiers to features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection, to extract the most relevant features and discard the irrelevant ones. At the first layer, we filter out non-P2P packets to reduce the volume of network traffic, using well-known ports, Domain Name System (DNS) queries and flow counting. The second layer further characterizes the captured network traffic as non-P2P or P2P. At the third layer of our model, we reduce the features that may only marginally affect the classification. At the final layer, we detect P2P botnets with a decision tree classifier trained on extracted network communication features. Furthermore, our experimental evaluations show the significance of the proposed method for P2P botnet detection and demonstrate an average accuracy of 98.7%.
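The first-layer prefilter described in the abstract (well-known ports, DNS queries, flow counting), as an added Python example that is not the paper's code. The port list, the rule that a destination seen in a DNS answer is treated as non-P2P, the peer-count threshold and the flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed list of ports for centralised services; the paper's own list is not on this page.
WELL_KNOWN_PORTS = {20, 21, 22, 23, 25, 53, 80, 110, 143, 443, 993, 995}


def first_layer_filter(flows, dns_answers, min_peers=5):
    """Layer-1 prefilter: drop flows to well-known ports, drop flows whose
    destination IP appeared in a DNS answer (assumed interpretation of the
    DNS-query rule: P2P peers are usually reached by raw IP, not by name),
    then keep only source hosts with at least `min_peers` distinct
    destinations (flow counting).

    flows: iterable of (src_ip, dst_ip, dst_port, proto)
    dns_answers: set of IPs returned in DNS responses in the same window
    Returns {src_ip: [surviving flows]} for hosts passed on to layer 2."""
    candidates = defaultdict(list)
    for src, dst, dport, proto in flows:
        if dport in WELL_KNOWN_PORTS:
            continue  # centralised service, not P2P
        if dst in dns_answers:
            continue  # destination was looked up by name, assumed non-P2P
        candidates[src].append((src, dst, dport, proto))
    return {src: fl for src, fl in candidates.items()
            if len({f[1] for f in fl}) >= min_peers}


# Constructed sample window using RFC 5737 documentation addresses.
SAMPLE_DNS = {"192.0.2.10", "192.0.2.20"}
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.1", 53, "udp"),          # DNS lookup itself
    ("10.0.0.5", "192.0.2.10", 443, "tcp"),       # HTTPS to a resolved host
    ("10.0.0.5", "192.0.2.20", 443, "tcp"),
    ("10.0.0.5", "198.51.100.9", 8080, "tcp"),    # one odd flow, below threshold
    ("10.0.0.7", "192.0.2.10", 80, "tcp"),        # filtered by port
] + [("10.0.0.7", f"203.0.113.{i}", 6881 + i, "tcp") for i in range(6)]  # many peers


def run_sample(min_peers=5):
    return first_layer_filter(SAMPLE_FLOWS, SAMPLE_DNS, min_peers)


if __name__ == "__main__":
    for host, fl in run_sample().items():
        print(host, "kept for layer 2 with", len(fl), "flows")
```

Only 10.0.0.7 survives with the default threshold; lowering `min_peers` to 1 also passes 10.0.0.5 on its single unresolved high-port flow, which is the trade-off the flow-count threshold controls.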
Keywords: botnet detection; anomaly detection; network traffic identification; machine learning
MDPI and ACS Style

Khan, R.U.; Zhang, X.; Kumar, R.; Sharif, A.; Golilarz, N.A.; Alazab, M. An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers. Appl. Sci. 2019, 9, 2375.
