TY - GEN
T1 - Improving Spam Botnet Detection with Chi Square Feature Selection and Multiclass Machine Learning Classification
AU - Jahbel, Abdulati
AU - Ahmad, Tohari
AU - Putra, Muhammad Aidiel Rachman
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
AB - Botnets represent a major cybersecurity threat, frequently used in spam campaigns to spread malware and launch coordinated attacks. Spam represents one of the most prevalent threats associated with botnets. While numerous studies have developed models to distinguish botnet activity from normal network traffic, research focused on identifying spam traffic in botnet communications remains a significant challenge. Effective botnet detection and classification of associated spam activities are important for protecting networks. This paper proposes a spam-focused botnet detection approach using a two-stack machine learning algorithm. The first stack will differentiate between botnet and normal traffic. Then, a second stack will classify botnet traffic as either spam or non-spam. To optimize feature selection, chi-squared tests will be used to identify the most relevant features, and the top 15 features will be selected for further analysis. The imbalance in botnet datasets NCC2 will be addressed using SMOTE oversampling techniques. The proposed method demonstrated outstanding performance compared to traditional multi-class approaches. The results show a marked improvement in precision, recall, and F1 scores for detecting botnet spam activity. The proposed method attained an overall accuracy of 98.58%, surpassing the previous method's accuracy of 97.19%. The feature selection and SMOTE contribute to the model's high detection accuracy and stability, making it a robust solution for detecting botnet spam in network traffic. This study provides a comprehensive and effective strategy to mitigate the impact of spam botnets and ensure secure digital environments.
KW - botnet detection
KW - cybersecurity
KW - feature selection
KW - machine learning
KW - network security
KW - spam
UR - http://www.scopus.com/inward/record.url?scp=85210504101&partnerID=8YFLogxK
U2 - 10.1109/ICITISEE63424.2024.10730685
DO - 10.1109/ICITISEE63424.2024.10730685
M3 - Conference contribution
AN - SCOPUS:85210504101
T3 - 2024 8th International Conference on Information Technology, Information Systems and Electrical Engineering, ICITISEE 2024
SP - 115
EP - 120
BT - 2024 8th International Conference on Information Technology, Information Systems and Electrical Engineering, ICITISEE 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th International Conference on Information Technology, Information Systems and Electrical Engineering, ICITISEE 2024
Y2 - 29 August 2024 through 30 August 2024
ER -