Abstract

Botnet attacks on computer networks require proper handling because they can have dangerous consequences. Botnets are dynamic and able to evolve quickly. A botnet can resemble normal activity, making it challenging to detect. Previous research has introduced botnet detection models but has not focused on analyzing intensity behavior based on incoming and outgoing flows in graph visualization. This analysis is needed to get the botnet attack flow. This paper proposes a detection and comprehensive analysis of botnet attack behavior based on a directed graph. The goal is to detect the attacker and extract the behavior from the directed graph. First, all network traffic is grouped based on the time distance between activities. Visualization is carried out by representing the attacker and target as nodes in every activity group and analyzing the direction of communication in the form of in-degree and out-degree. Meanwhile, interactions are represented in edges and weighted edges based on activity intensity. Then, all graph representation is extracted for classification using random forest, decision tree, support vector classification, Naïve bayes, k -nearest neighbors, logistic regression, and XGBoost. In the experiment, three different datasets are used, namely CTU-13, NCC-1, and NCC-2. The proposed approaches perform well, with an average of 99.97% accuracy, 46.82% precision, and 83.33% recall. These results can form a knowledge base of botnet attacks that can be used in attack detection models on the network.

Original languageEnglish
Pages (from-to)913-927
Number of pages15
JournalInternational Journal of Intelligent Engineering and Systems
Volume17
Issue number1
DOIs
Publication statusPublished - 2024

Keywords

  • Botnet detection
  • Graph visualization
  • Information security
  • Network infrastructure
  • Network security

Fingerprint

Dive into the research topics of 'Botnet Attack Analysis through Graph Visualization'. Together they form a unique fingerprint.

Cite this