TY - JOUR
T1 - Botnet Attack Analysis through Graph Visualization
AU - Putra, Muhammad Aidiel Rachman
AU - Ahmad, Tohari
AU - Hostiadi, Dandy Pramana
AU - Ijtihadie, Royyana Muslim
AU - Maniriho, Pascal
N1 - Publisher Copyright:
© (2024), (Intelligent Network and Systems Society). All Rights Reserved.
PY - 2024
Y1 - 2024
N2 - Botnet attacks on computer networks require proper handling because they can have dangerous consequences. Botnets are dynamic and able to evolve quickly. A botnet can resemble normal activity, making it challenging to detect. Previous research has introduced botnet detection models but has not focused on analyzing intensity behavior based on incoming and outgoing flows in graph visualization. This analysis is needed to get the botnet attack flow. This paper proposes a detection and comprehensive analysis of botnet attack behavior based on a directed graph. The goal is to detect the attacker and extract the behavior from the directed graph. First, all network traffic is grouped based on the time distance between activities. Visualization is carried out by representing the attacker and target as nodes in every activity group and analyzing the direction of communication in the form of in-degree and out-degree. Meanwhile, interactions are represented in edges and weighted edges based on activity intensity. Then, all graph representation is extracted for classification using random forest, decision tree, support vector classification, Naïve Bayes, k-nearest neighbors, logistic regression, and XGBoost. In the experiment, three different datasets are used, namely CTU-13, NCC-1, and NCC-2. The proposed approaches perform well, with an average of 99.97% accuracy, 46.82% precision, and 83.33% recall. These results can form a knowledge base of botnet attacks that can be used in attack detection models on the network.
AB - Botnet attacks on computer networks require proper handling because they can have dangerous consequences. Botnets are dynamic and able to evolve quickly. A botnet can resemble normal activity, making it challenging to detect. Previous research has introduced botnet detection models but has not focused on analyzing intensity behavior based on incoming and outgoing flows in graph visualization. This analysis is needed to get the botnet attack flow. This paper proposes a detection and comprehensive analysis of botnet attack behavior based on a directed graph. The goal is to detect the attacker and extract the behavior from the directed graph. First, all network traffic is grouped based on the time distance between activities. Visualization is carried out by representing the attacker and target as nodes in every activity group and analyzing the direction of communication in the form of in-degree and out-degree. Meanwhile, interactions are represented in edges and weighted edges based on activity intensity. Then, all graph representation is extracted for classification using random forest, decision tree, support vector classification, Naïve Bayes, k-nearest neighbors, logistic regression, and XGBoost. In the experiment, three different datasets are used, namely CTU-13, NCC-1, and NCC-2. The proposed approaches perform well, with an average of 99.97% accuracy, 46.82% precision, and 83.33% recall. These results can form a knowledge base of botnet attacks that can be used in attack detection models on the network.
KW - Botnet detection
KW - Graph visualization
KW - Information security
KW - Network infrastructure
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=85184200223&partnerID=8YFLogxK
U2 - 10.22266/ijies2024.0229.75
DO - 10.22266/ijies2024.0229.75
M3 - Article
AN - SCOPUS:85184200223
SN - 2185-310X
VL - 17
SP - 913
EP - 927
JO - International Journal of Intelligent Engineering and Systems
JF - International Journal of Intelligent Engineering and Systems
IS - 1
ER -
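The abstract describes a pipeline (group flows by the time gap between consecutive activities, build one directed graph per group with attacker/target hosts as nodes and interaction intensity as edge weight, then extract in-degree, out-degree and weighted-degree features per node for a classifier). The block below is an added example of that pipeline written for this page; it is not code from the paper or from the authors, and the record does not give their exact grouping threshold or feature list. Assumptions: a flow record has a timestamp, source, destination and packet count; a new activity group starts whenever the gap between consecutive flows exceeds `max_gap` seconds; edge weight is the number of flows between a source/destination pair; the flows themselves are constructed here and are not taken from CTU-13 or NCC. The per-node rows are the kind of table a classifier such as random forest would be trained on, with labels supplied by the dataset's ground truth.

```python
"""Added example: per-window directed activity graphs from flow records.

Not the paper's code. Grouping threshold, feature set and sample flows
are assumptions made for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since capture start
    src: str    # source host
    dst: str    # destination host
    pkts: int   # packets in the flow (kept for completeness, not used as weight)


# Constructed sample flows (not real capture data). 10.0.0.5 fans out to three
# hosts in a short burst, the way a scanning or C2-polling bot would; 10.0.0.7
# has an ordinary bidirectional exchange with 198.51.100.1 much later.
SAMPLE_FLOWS = [
    Flow(0.0, "10.0.0.5", "192.0.2.10", 3),
    Flow(1.0, "10.0.0.5", "192.0.2.11", 3),
    Flow(2.0, "10.0.0.5", "192.0.2.12", 3),
    Flow(3.0, "10.0.0.5", "192.0.2.10", 5),
    Flow(4.0, "10.0.0.5", "192.0.2.10", 5),
    Flow(5.0, "10.0.0.7", "198.51.100.1", 10),
    Flow(100.0, "10.0.0.7", "198.51.100.1", 12),
    Flow(101.0, "198.51.100.1", "10.0.0.7", 40),
]


def group_by_time_gap(flows, max_gap):
    """Sort flows by timestamp and cut a new activity group wherever the gap
    between two consecutive flows exceeds max_gap seconds (assumed rule)."""
    groups, current, last_ts = [], [], None
    for f in sorted(flows, key=lambda f: f.ts):
        if last_ts is not None and f.ts - last_ts > max_gap:
            groups.append(current)
            current = []
        current.append(f)
        last_ts = f.ts
    if current:
        groups.append(current)
    return groups


def build_graph(group):
    """Directed weighted graph for one activity group.

    Returns {(src, dst): weight}; weight is the number of flows from src to
    dst in the group, used here as the 'activity intensity' of the edge."""
    edges = defaultdict(int)
    for f in group:
        edges[(f.src, f.dst)] += 1
    return dict(edges)


def node_features(edges):
    """Per-node in/out degree (distinct peers) and weighted in/out degree
    (summed edge weights), computed from the directed graph."""
    feats = defaultdict(lambda: {"in_deg": 0, "out_deg": 0, "w_in": 0, "w_out": 0})
    for (src, dst), w in edges.items():
        feats[src]["out_deg"] += 1
        feats[src]["w_out"] += w
        feats[dst]["in_deg"] += 1
        feats[dst]["w_in"] += w
    return dict(feats)


def extract_features(flows, max_gap):
    """One row per (group, node): the feature table a classifier would consume."""
    rows = []
    for gid, group in enumerate(group_by_time_gap(flows, max_gap)):
        for node, f in node_features(build_graph(group)).items():
            rows.append({"group": gid, "node": node, **f})
    return rows


def rank_by_fan_out(rows):
    """Rank (group, node) pairs by out-degree minus in-degree, highest first.
    A node that talks to many peers and hears back from few is the attacker
    profile the graph is meant to expose; this is a triage aid, not a verdict."""
    return [(r["group"], r["node"]) for r in
            sorted(rows, key=lambda r: r["out_deg"] - r["in_deg"], reverse=True)]


if __name__ == "__main__":
    table = extract_features(SAMPLE_FLOWS, max_gap=30.0)
    for row in table:
        print(row)
    print("most fan-out:", rank_by_fan_out(table)[0])
```

Run it to see two activity groups: in group 0 host 10.0.0.5 has out-degree 3, weighted out-degree 5 and in-degree 0, while the later exchange in group 1 gives both hosts in-degree and out-degree 1. Ranking by fan-out surfaces 10.0.0.5 first, which is the kind of behaviour the graph is meant to expose; the abstract's reported 46.82% precision is a reminder that such a ranking feeds a classifier and an analyst rather than blocking traffic on its own.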