TY - JOUR
T1 - Optimizing Multi-Class Botnet Detection Models to Detect SPAM Botnets with Feature Selection Methods
T2 - A Comparative Analysis
AU - Prada, Java Kanaya
AU - Ahmad, Tohari
AU - Hostiadi, Dandy Pramana
AU - Putra, Muhammad Aidiel Rachman
N1 - Publisher Copyright: © 2024 The authors.
PY - 2024/8
Y1 - 2024/8
N2 - A botnet involves the use of illegal software to carry out malicious activities that pose a threat to network security, particularly through spam attack activities. Many studies have focused on developing detection models to categorize network activities as either botnet or non-botnet. However, there is still a need for research to identify spam activities within botnet activities, including improving the feature selection process. The aim of this research is to identify feature selection methods that can improve machine learning models for botnet detection, particularly in SPAM botnet detection. To address this, our research implements feature selection methods as a preprocessing step before classifying network activity data using a decision tree algorithm for botnet spam detection with multi-class classification. Feature selection during the data preprocessing phase is crucial, as it has been shown to enhance the performance of detection models. In this study, eight types of feature selection methods were implemented, yielding mixed results. Experimental findings indicate that the classification method using a decision tree without feature selection produced the best overall results, achieving a macro average F1-Score of 91.18%, a weighted average Precision of 99.07%, a Recall of 99.03%, an F1-Score of 99.05%, and an Accuracy rate of 99.03%. SelectKBest with chi2 Feature Selection slightly outperformed other methods in detecting SPAM Botnets, with a Recall of 87.93% and an F1-Score of 79.68%.
AB - A botnet involves the use of illegal software to carry out malicious activities that pose a threat to network security, particularly through spam attack activities. Many studies have focused on developing detection models to categorize network activities as either botnet or non-botnet. However, there is still a need for research to identify spam activities within botnet activities, including improving the feature selection process. The aim of this research is to identify feature selection methods that can improve machine learning models for botnet detection, particularly in SPAM botnet detection. To address this, our research implements feature selection methods as a preprocessing step before classifying network activity data using a decision tree algorithm for botnet spam detection with multi-class classification. Feature selection during the data preprocessing phase is crucial, as it has been shown to enhance the performance of detection models. In this study, eight types of feature selection methods were implemented, yielding mixed results. Experimental findings indicate that the classification method using a decision tree without feature selection produced the best overall results, achieving a macro average F1-Score of 91.18%, a weighted average Precision of 99.07%, a Recall of 99.03%, an F1-Score of 99.05%, and an Accuracy rate of 99.03%. SelectKBest with chi2 Feature Selection slightly outperformed other methods in detecting SPAM Botnets, with a Recall of 87.93% and an F1-Score of 79.68%.
KW - botnet detection
KW - feature selection
KW - machine learning
KW - network security
KW - spam
UR - http://www.scopus.com/inward/record.url?scp=85203042280&partnerID=8YFLogxK
U2 - 10.18280/ijsse.140430
DO - 10.18280/ijsse.140430
M3 - Article
AN - SCOPUS:85203042280
SN - 2041-9031
VL - 14
SP - 1339
EP - 1345
JO - International Journal of Safety and Security Engineering
JF - International Journal of Safety and Security Engineering
IS - 4
ER -