TY - JOUR
T1 - Analysis of Botnet Attack Communication Pattern Behavior on Computer Networks
AU - Putra, Muhammad Aidiel Rachman
AU - Ahmad, Tohari
AU - Hostiadi, Dandy Pramana
N1 - Publisher Copyright:
© 2022. International Journal of Intelligent Engineering and Systems. All Rights Reserved.
PY - 2022
Y1 - 2022
N2 - Botnets are a severe threat to computer networks, affecting various aspects of security systems, including spreading malicious programs, phishing, sending spam messages, and click fraud. Because of their negative consequences, botnets must be identified early. Nevertheless, their differing characteristics make them challenging to detect. This research proposes a method for detecting bot communication patterns from traffic flow analysis, consisting of three main phases: bot detection, extraction, and communication behavior analysis. The proposed model aims to obtain the specific behavior of bot attacks, which can be used in an early warning system for bot attacks. Because the detection of bot communication patterns depends on the accuracy of bot detection, the model improves the pre-processing phase and uses multi-model classification. The pre-processing improvement is made in the feature engineering step using one-hot encoding. Several machine learning classification models are used to obtain the best detection accuracy: Decision tree, Random forest, Logistic regression, k-NN, and Naïve Bayes. Furthermore, the model has been tested on two different datasets, namely NCC and CTU-13. The experimental results show that the proposed model is optimal and recognizes bot activities well, with a detection accuracy of 99.99%. In addition, the model can identify the bot’s attack activity scenario and communication behavior in three types: centralized, distributed, and spread.
KW - Bot communication behaviour
KW - Bot detection
KW - Botnet
KW - Infrastructure
KW - Intrusion detection system
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=85132975864&partnerID=8YFLogxK
U2 - 10.22266/ijies2022.0831.48
DO - 10.22266/ijies2022.0831.48
M3 - Article
AN - SCOPUS:85132975864
SN - 2185-310X
VL - 15
SP - 533
EP - 544
JO - International Journal of Intelligent Engineering and Systems
JF - International Journal of Intelligent Engineering and Systems
IS - 4
ER -