Botnet Detection Using Machine Learning

Vidyavardhini's College of Engineering and Technology

Vasai, Maharashtra, India

Loukik Houzwala
Dept. of Computer Engineering Pranav Kulkarni Yash Shivade
V.C.E.T. Dept. of Computer Engineering Dept. of Computer Engineering)
Vasai, India. V.C.E.T. V.C.E.T.
loukikhouzwala0604@gm Vasai, India. Vasai, India.
ail.com [email protected]
[email protected]

Prof. Anil Hingmire

Dept. of Computer Engineering
V.C.E.T.
[email protected]

INTRODUCTION

Abstract - Botnets diversity and dynamism challenge

detection and classification algorithms, which depend
heavily on botnets protocol and may quickly become
avoidable. Different botnet and normal were taken and a
time approach was used to successfully separate them.A
more general detection method, then, was needed. Results
show that botnets and normal computers traffic may be
accurately detected by our approach and thus enhance
detection effectiveness. Moreover, the advantage in machine
learning algorithms and therefore the access to higher
botnet datasets will start showing promising ends up in
project. The research scientists have worked very hard
creating detection algorithms of botnet network traffic. The
shift of this detection techniques supported the behavioral
botnet models and has proved to 1 of the higher approach to
the analysis of the botnet patterns. We propose an system of
their most different characteristics, like synchronism and
network load with a close. Not relying in any specific botnet
protocol, our classification approach sought to detection of
the synchronic behavioral patterns in network traffic flows
and clustered flow relies on botnets characteristics. The
data-set is varied, large, public, real and has Background,
Normal and Botnet labels. The tools, data-set and
algorithms were released as free software. Our algorithms
provides a new high-level interface to spot, visualize and
block botnet behaviors within the network.
In this era of the Internet and botnets, much is increasing and
many are recognizing and measuring botnets. This result
indicates that your computer is more likely to be attacked by
the Botmaster. Contributions to forecasting methods are
further analyzed in terms of functionality and time, according
to the requirements of the module. The purpose of this study
is to predict botnet attacks such as mass spam emails and
distributed denial of service attacks. To this end, this paper
presents predictive methods for detecting botnets.
The goal of this project is to protect your PC from malicious
BOTS. As botnets become more common and threats emerge,
research has shown efforts to detect and mitigate botnets.
Different ML methods have different strengths and
weaknesses. This shows their role in bot detection. Different
detections, real-time monitoring, and new threats are issues
that need to be resolved by different bots. You can see that
many cyber attacks are carried out using different techniques.
One such attack is the botmaster's botnet attack. The purpose
of this project is to provide a detailed work analysis of the
vulnerabilities exploited by botnets and their proliferation
itself, and how to perform various suspicious activities such
as botnet attacks. Botnets are routinely the only greatest threat
to the Internet, as the amount of suspicious activity increases
and can infect the majority of computers on the Internet.

LITERATURE REVIEW
A survey in which botnets and bot detection, are explained
that how bots operate. In this paper we have classified botnet
detection into four classes, and they are anomaly-based,
signature-based, DNS based, and mining- base. Examining
the different botnet detection approaches placed botnets in
one of classes, namely anomaly-based, DNS. This paper gives
us the detailed information about the botnets and botnet
detection. It aims how to explain the botnets and explore
different botnet detection techniques.
As botnets are becoming more threatening, many research
have shown that there are many approaches and techniques
to solve the problem. Machine learning (ML) is the branch
that aims to develop systems with the ability to learn from our
past experience to solve the problems. This model is for the
description of how to describes the patterns that exist in the
data which should be able to make informed decisions from
the data. Detection which is based on bot behavior will
involve various model for how botnets. The objective of the
project is to provide a data flow of the botnets for various
types of botnets. The purpose of this paper is that emerged
survey of actual literature on feature extraction methods since
past five years. As the raising of application demand
increases, a large study and analysis in the feature extraction
field became very efficient. The main problem comes out
from the sum of variables convoluted when performing
analysis inquiry of complicated data. Analysis with the big
number of variables will be needed as big amount of memory
and computation power will be required, and also it will help
us to accesses the algorithm of classification which will help
us to overfill to training pattern to calculate to the new
pattern.
IV. PROPOSED METHODOLOGY
In this proposed methodology, the parameters of a network
flow is taken. the information of the network flow is
distributed to the backend django for pre-processing and
cleaning of knowledge. The training process is applied with
the assistance of Machine Learning algorithms. The
behaviour and properties of the info is learned. the
information with suspicious properties are revealed. The
model learning the suspicious properties are saved in pickel
format. The saved models are used for the prediction of
botnets from the network flow. The detected botnets are
displayed on the UI.
1. Logistic Regression Model :
In Logistic Regression Model ,The name System (DNS)
could be a major component of this Internet based bot, mainly
accustomed translate the domain names of the botnets to IP
addresses. Most network service and application depends on
this sort of networks.The name system doesn't differentiate
the services between normal and other botnets. With the every
bot executed huge set of name. Further, the bot launches
queries to everyone.
2. Decision Tree Model :
A tree-like structure within which each node within the tree
will specify the a test the feature and every branch from the
dataset that may correspond to 1 of the values for the feature.
to use the training model during this classifiers, the dataset
will randomly split into training datasets. The training data
then are going to be wont to train the botnets. The datasets
will then be tested using the testing datasets to predict the
botnets.
3. Naive Bayes Model :
Naive Bayes algorithm it's a straightforward classification
technique supported the algorithm of bayes assuming each
feature which can contribute independently to the probability
of the detection phase. Specifically during this model, the
classifier calculates all the probability for all classes for a
target feature and selects one with the very best probability.
In next step, it'll assumes that the values related to each class
of every feature follow a selected distribution. Although these
assumption don't happen often in world, this shows better
results than other models like in logistic regression. Also, it
may also generate models very quickly with little or no work
overhead. it's a preferred choice for span filters and other real-
time like anomaly detection algorithms.
4.Support Vector Machine :
Support Vector Machine is that the most well liked
Supervised Learning algorithms, which is employed for
Classification and Regression problems.A LAN style of
environment with several computers which has infected by
the botnet virus are simulated for testing this model. the most
purpose of the vector machine is to determine hyperplane to
classify the info within the project and to create the
classification model. Primarily, it's used for the Classification
problems in Machine Learning Concepts. The proposed
method could be a classified model during which a man-made
fish swarm algorithm and a support vector machine are
combined. the packet data of network flow was also collected.
The proposed method was accustomed identify the critical
features that determine the pattern of botnet. The results
indicated that the tactic is used for identifying the essential
botnets which the performance of the proposed method was
superior to it of genetic algorithms.
V. CONCLUSION AND FUTURE SCOPE

In this paper, the detection of botnet or suspicious traffic

activity using the machine learning techniques was proposed.
Four classifiers were applied on this work, namely Naïve
Bayes, K-Nearest Neighbor, Support Vector Machine, and
Decision Trees. The results revealed that the decision tree
model performed better than the other classifier models as
well as a slight improvement on the models that were
previously mentioned in the reviewed literature.
This model can be used to detect several botnet attacks and
other type of suspicious network activity. More classifiers
such as logistic regression tested. Further, Unsupervised
learning methods such as clustering can be used and
compared with the Supervised learning methods used in this
paper. Moreover, other methods of feature selection can be
examined to refine these results further. Lastly, the machine
learning model can be tested on a real-time controlled
environment to accurately measure the model’s performance
and how it handles different types of threats such a zero-day
threats.

VI. REFERENCES
1. Sean Miller and Curtis C.R. Busby-Earle The Role of
Machine Learning in Botnet Detection The University of the
West Indies at Mona December 2016.
https://www.researchgate.net/publication/
313809055_The_Role_of_Machine_Learning_in_Botnet_Det
ection
2. Dutta Sai Eswari1, P.V.Lakshmi2 A Survey On Detection
Of Ddos Attacks Using Machine Learning Approaches ;
Published online: 10 May 2021
3. Mr. A. Sankaran, A. Krithika Bavani Murat, M.
Tharrshinee, G. Yuvasree, “BOTNET DETECTION USING
MACHINE LEARNING,” Computer, vol. 50, no. 7, pp. 80–
84, 2017.
4. Botnet Detection Based On DNS Query Data - Xuan Dau
Hoang 1,ID and Quynh Chi Nguyen Posts and
Telecommunications Institute of Technology, Hanoi 100000,
Vietnam : 18 May 2018
5. An Empirical Study on Flow-based Botnet Attacks
Prediction Mitsuhiro Hatada Matthew Scholl Computer
Security Division Information Technology Laboratory
abuse.ch (2020) SSLBL Snort / Suricata Botnet C2 IP
Ruleset.
6. R. Khan, R. Kumar, M. Alazab and X. Zhang, “A Hybrid
Technique To Detect Botnets, Based on P2P Traffic
Similarity,” Cybersecurity and Cyberforensics Conference
(CCC), Melbourne, Australia, pp. 136-142, 2019.
7. M. Stevanovic and J. Pedersen, “An efficient flow-based
botnet detection using supervised machine learning,”
International Conference on Computing, Networking and
Communications, HI, pp. 797-801, 2014.
8. X. Hoang and Q. Nguyen, “Botnet Detection Based On
Machine Learning Techniques Using DNS Query Data,”
Future Internet, vol. 10, no. 5, p. 43, May 2018.
9 . J. Jin, Z. Yan, G. Geng and B. Yan, “Botnet Domain
Name Detection based on machine learning,” International
Conference on Wireless, Mobile and Multi-Media
(ICWMMN), Beijing, China, pp. 273-276, 2015.
10. S. Garg, A. Singh, A. Sarje and S. Peddoju, “Behaviour
analysis of machine learning algorithms for detecting P2P
botnets,” International Conference on Advanced Computing
Technologies, pp. 1-4, 2013.
11.S. Saad et al., “Detecting P2P botnets through network
behavior analysis and machine learning,” International
Conference on Privacy, Security and Trust, Montreal, QC, pp.
174-180, 2011.