Abstract
Botnets, armies of remotely controlled compromised devices called bots, routinely cause severe damage to infrastructures and organizations. Because an attacker can draw on millions of diverse internet-enabled devices and always has spare resources with which to raise the attack intensity, traditional countermeasures fail to handle the enormous volume of network traffic generated by a bot army. Consequently, there is a demand for a robust botnet defense system that can handle this massive traffic volume and detect botnet attacks with high accuracy. In this work, we propose BotDefender, a collaborative framework that protects against botnet attacks. BotDefender combines a proposed network traffic analyzer with a machine learning model to prevent botnet attacks. The network traffic analyzer performs an in-depth traffic analysis to identify bots and filters out all traffic from the identified bots. By discarding this large share of bot traffic, it forwards only a significantly reduced volume of traffic to the machine learning model for further analysis. The machine learning model is powered by a novel feature selection technique, an extended dataset construction technique inspired by human learning patterns, and a stacking ensemble-based classifier, to detect bots. Our experiments show consistent performance of the proposed machine learning model. Finally, to evaluate the performance of BotDefender, we design and develop a live botnet attack strategy. During the live experiment, BotDefender filters out 99.8% of the botnet traffic and achieves an overall accuracy of 100%.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Prasad, A., Chandra, S. BotDefender: A Collaborative Defense Framework Against Botnet Attacks using Network Traffic Analysis and Machine Learning. Arab J Sci Eng 49, 3313–3329 (2024). https://doi.org/10.1007/s13369-023-08016-z
DOI: https://doi.org/10.1007/s13369-023-08016-z