Skip to main content

Botnet detection using negative selection algorithm, convolution neural network and classification methods


Botnet is a network and internet risk. It is necessary to detect botnet by analyzing and monitoring in order to quickly prevent them. Most approaches are proposed to detect bots using processing and preprocessing on a large number of incoming information from network packets, structures, etc. The recent growth of Internet and network environments has caused a significant growth in botnet attack. Accordingly, the traditional approaches are not good for botnet detection. This paper presents a new approach for the detection of botnet within networks. The proposed detection model is used to compare four attacks, the IRC, HTTP, DNS and P2P, which are used by botnet. Additionally, this model evaluates the accuracy of botnet detection. We use network nerves and correlation and also NSA (negative selection algorithm) which is based on the artificial immune system to identify botnet and compare our results with random forest, K-neighbors, SVM, Gaussian NB, CNN, LSTM algorithms. Our method (CNN-LSTM) presents shorter training time and higher accuracy. In this experiment, we use ISOT and ISCX botnet dataset which are labeled as traffic data. In addition, we investigate various types of botnet attacks and the final evaluation is presented.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19


  1. Ahmed AM, Duran O, Zweiri Y, Smith M (2019) Quantification of hydrocarbon abundance in soils using deep learning with dropout and hyperspectral data. Remote Sens 11(16):1938

    Article  Google Scholar 

  2. Ahmed AA, Jabbar WA, Sadiq AS, Patel H (2020) Deep learning-based classification model for botnet attack detection. J Ambient Intell Humaniz Comput 1–10

  3. Akoglu H (2018) User’s guide to correlation coefficients. Turkish J Emerg Med 18(3):91–93

    Article  Google Scholar 

  4. Angelov P, Sperduti A (2016) Challenges in deep learning. In ESANN 2016 proceedings, European Symposium on Artificial Neural Networks, Computational Intelligence

  5. AsSadhan B, Moura JM (2014) An efficient method to detect periodic behavior in botnet traffic by analyzing control plane traffic. J Adv Res 5(4):435–448

    Article  Google Scholar 

  6. Baruah S (2019) Botnet detection: analysis of various techniques. Int J Comput Intell IoT 2(2)

  7. Bezerra CG, Costa BSJ, Guedes LA, Angelov PP (2016) An evolving approach to unsupervised and real-time fault detection in industrial processes. Expert Syst Appl 63:134–144

    Article  Google Scholar 

  8. Calabrese B (2018) Data cleaning. Encyclopedia of bioinformatics and computational biology: ABC of bioinformatics, 472

  9. Chen SC, Chen YR, Tzeng WG (2018) Effective botnet detection through neural networks on convolutional features. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference On Big Data Science and Engineering (TrustCom/BigDataSE) (pp. 372–378). IEEE

  10. Dhayal H, Kumar J (2018) Botnet and P2P botnet detection strategies: a review. In: 2018 International Conference on Communication and Signal Processing (ICCSP) (pp. 1077–1082). IEEE

  11. Dong X, Hu J, Cui Y (2018) Overview of botnet detection based on machine learning. In: 2018 3rd International Conference on Mechanical, Control and Computer Engineering (ICMCCE) (pp 476–479). IEEE

  12. Gaonkar S, Dessai NF, Costa J, Borkar A, Aswale S, Shetgaonkar P (2020) A survey on botnet detection techniques. In: 2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE) (pp. 1–6). IEEE

  13. Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutorials 17(4):2242–2270

    Article  Google Scholar 

  14. Ioffe S, Szegedy C (2015) Batch normalization: accelerating deep network training by reducing internal covariate shift. arXiv preprint arXiv:1502.03167.

  15. Kasabov NK (2019) Time-space, spiking neural networks and brain-inspired artificial intelligence. Heidelberg: Springer. 1 ed. Berlin, 2018. 738 p

  16. Kaur G (2018) A novel distributed machine learning framework for semi-supervised detection of botnet attacks. In 2018 Eleventh International Conference on Contemporary Computing (IC3) (pp. 1–7). IEEE

  17. Kebande VR, Venter HS (2014) A cognitive approach for botnet detection using Artificial Immune System in the cloud. In: IEEE 2014 Third International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 52–57)

  18. Ko B, Kim HG, Choi HJ (2017) Controlled dropout: a different dropout for improving training speed on deep neural network. In: 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC) (pp. 972–977). IEEE

  19. Li X, Wang J, Zhang X (2017) Botnet detection technology based on DNS. Future Internet 9(4):55

    Article  Google Scholar 

  20. Maeda S, Kanai A, Tanimoto S, Hatashima T, Ohkubo K (2019) A botnet detection method on SDN using deep learning. In: 2019 IEEE International Conference on Consumer Electronics (ICCE) (pp. 1–6). IEEE

  21. Mathur L, Raheja M, Ahlawat P (2018) Botnet detection via mining of network traffic flow. Procedia Comput Sci 132:1668–1677

    Article  Google Scholar 

  22. McDermott CD, Majdani F, Petrovski AV (2018) Botnet detection in the internet of things using deep Learning approaches. In: 2018 international joint conference on neural networks (IJCNN) (pp 1–8). IEEE

  23. Mighan SN, Kahani M (2020) A novel scalable intrusion detection system based on deep learning. Int J Inf Secur 1–17

  24. Rashid N, Iqbal J, Mahmood F, Abid A, Khan US, Tiwana MI (2018) Artificial immune system–Negative selection classification algorithm (NSCA) for four class electroencephalogram (EEG) Signals. Front Hum Neurosci 12:439

    Article  Google Scholar 

  25. Saurabh P, Verma B (2016) An efficient proactive artificial immune system based anomaly detection and prevention system. Expert Syst Appl 60:311–320

    Article  Google Scholar 

  26. Shi WC, Sun HM (2020) DeepBot: a time-based botnet detection with deep learning. Soft Comput

  27. Thangapandiyan M, Anand PR (2016) An efficient botnet detection system for P2P botnet. In: 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET) (pp. 1217–1221). IEEE

  28. Torres P, Catania C, Garcia S, Garino CG (2016) An analysis of recurrent neural networks for botnet detection behavior. In 2016 IEEE biennial congress of Argentina (ARGENCON) (pp. 1–6). IEEE

  29. Tosin SIT, Gbenga JR (2020) Negative selection algorithm based intrusion detection model. In 2020 IEEE 20th Mediterranean Electrotechnical Conference (MELECON) (pp. 202–206). IEEE

  30. Vormayr G, Zseby T, Fabini J (2017) Botnet communication patterns. IEEE Communications Surveys & Tutorials 19(4):2768–2796

    Article  Google Scholar 

  31. Wang J, Paschalidis IC (2016) Botnet detection based on anomaly and community detection. IEEE Trans Control Netw Syst 4(2):392–404

    MathSciNet  Article  Google Scholar 

  32. Wang K, Huang CY, Lin SJ, Lin YD (2011) A fuzzy pattern-based filtering algorithm for botnet detection. Comput Netw 55(15):3275–3286

    Article  Google Scholar 

  33. Wang S, Yan Q, Chen Z, Yang B, Zhao C, Conti M (2017) Detecting android malware leveraging text semantics of network flows. IEEE Trans Inf Forensics Secur 13(5):1096–1109

    Article  Google Scholar 

  34. Yang Z, Wang B (2019) A feature extraction method for P2P botnet detection using graphic symmetry concept. Symmetry 11(3):326

    Article  Google Scholar 

  35. Yerima SY, Alzaylaee MK (2020) Mobile botnet detection: a deep learning approach using convolutional neural networks. In: 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) (pp. 1–8). IEEE

  36. Zhao D, Traore I, Ghorbani A, Sayed B, Saad S, Lu W (2012) Peer to peer botnet detection based on flow intervals. In: IFIP International Information Security Conference (pp. 87–102). Springer, Berlin, Heidelberg

  37. Zhuang D, Chang JM (2019) Detecting peer-to-peer botnets through community behavior analysis. In: 2017 IEEE Conference on Dependable and Secure Computing (pp. 493–500). IEEE

Download references

Author information



Corresponding author

Correspondence to Soodeh Hosseini.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Hosseini, S., Nezhad, A.E. & Seilani, H. Botnet detection using negative selection algorithm, convolution neural network and classification methods. Evolving Systems (2021).

Download citation


  • Botnet detection
  • Convolution neural network
  • Negative selection algorithm
  • Classification algorithms