Abstract

A botnet is a type of malware that infects devices to carry out illegal activities under the control of a botmaster. Many previous studies detected botnets as isolated activities, even though botnet activities are interrelated. This paper focuses on detecting botnet hosts by analyzing the linkages between activities on a network. The research proposes a novel method combining sequential pattern mining, feature engineering, and hybrid analysis. The goal is to forensically discover network actors suspected of being botnets by analyzing interrelated network activity. Compared to other methods, the proposed approach provides more stable performance in identifying botnet and non-botnet activities. The experiments also measured processing time and obtained optimal performance. The experiments use three datasets and show, on average, 97.71% accuracy, 94.42% recall, 94.42% TPR, 97.96% TNR, 2.29% FPR, 5.58% FNR, and 800.94 s of processing time. Furthermore, this model can help network administrators forensically analyze botnet attacks on computer networks.

Original language: English
Article number: 100440
Journal: Egyptian Informatics Journal
Volume: 25
DOIs
Publication status: Published - Mar 2024

Keywords

  • Botnet detection
  • Information security
  • Network infrastructure
  • Network security
  • Sequential pattern mining

Title: Botnet sequential activity detection with hybrid analysis