Analysis of Botnet Attack Communication Pattern Behavior on Computer Networks

Muhammad Aidiel Rachman Putra, Tohari Ahmad*, Dandy Pramana Hostiadi

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

16 Citations (Scopus)

Abstract

Botnets are a severe threat to computer networks, affecting various aspects of security systems, including spreading malicious programs, phishing, sending spam messages, and click fraud. Because of their negative consequences, botnets must be identified early. Nevertheless, their differing characteristics make them challenging to detect. This research proposes bot communication pattern detection based on traffic flow analysis, consisting of three main phases: bot detection, extraction, and communication behavior analysis. The proposed model aims to obtain the specific behavior of bot attacks, which can be used as an early warning system for bot attacks. Because bot communication pattern detection depends on the accuracy of bot detection, the model improves the pre-processing phase and uses multi-model classification. The pre-processing improvement is made in the feature engineering step using one-hot encoding. Several machine learning classification models are used to obtain the best detection accuracy: decision tree, random forest, logistic regression, k-NN, and Naïve Bayes. The model has been tested on two different datasets, NCC and CTU-13. The experimental results show that the proposed model is optimal and recognizes bot activities well, obtaining a detection accuracy of 99.99%. In addition, the model can identify the bot’s attack activity scenario and communication behavior in three types: centralized, distributed, and spread.

Original language: English
Pages (from-to): 533-544
Number of pages: 12
Journal: International Journal of Intelligent Engineering and Systems
Volume: 15
Issue number: 4
Publication status: Published - 2022

Keywords

  • Bot communication behaviour
  • Bot detection
  • Botnet
  • Infrastructure
  • Intrusion detection system
  • Network security
