A botnet is a type of malware that infects devices to carry out illegal activities under the control of a botmaster. Many previous studies detected botnet activity as single, isolated events, even though botnet activities are related to one another. This paper focuses on detecting botnet hosts by analyzing the linkages between activities on a network. The research proposes a novel method combining sequential pattern mining, feature engineering, and hybrid analysis. The goal is to forensically discover network actors suspected of being botnets by analyzing interrelated network activity. Compared to other methods, the proposed approach provides more stable performance in identifying botnet and non-botnet activities. The experiment also tested the processing time and obtained optimal performance. The experiment uses three datasets and shows, on average, 97.71% accuracy, 94.42% recall, 94.42% TPR, 97.96% TNR, 2.29% FPR, 5.58% FNR, and a processing time of 800.94 s. Furthermore, this model can help network admins forensically analyze botnet attacks on computer networks.

Original language: English
Article number: 100440
Journal: Egyptian Informatics Journal
Publication status: Published - Mar 2024


  • Botnet detection
  • Information security
  • Network infrastructure
  • Network security
  • Sequential pattern mining


Dive into the research topics of 'Botnet sequential activity detection with hybrid analysis'. Together they form a unique fingerprint.
