
BotDefender: A Collaborative Defense Framework Against Botnet Attacks using Network Traffic Analysis and Machine Learning

  • Research Article: Computer Engineering and Computer Science
  • Journal: Arabian Journal for Science and Engineering

Abstract

Botnets, armies of remotely controlled compromised devices called bots, routinely cause severe damage to infrastructures and organizations. Because the attacker commands millions of diverse internet-enabled devices and always has spare resources to raise the attack intensity, traditional countermeasures fail to handle the enormous volume of network traffic generated by a bot army. Consequently, there is a demand for a robust botnet defense system that can handle this massive traffic volume and detect botnet attacks with high accuracy. In this work, we propose BotDefender, a collaborative framework that protects against botnet attacks. BotDefender combines a proposed network traffic analyzer with a machine learning technique to prevent botnet attacks. The network traffic analyzer performs an in-depth traffic analysis to detect bots and filters out all traffic from the identified bots. Because it discards the bulk of the bot-generated traffic, only a significantly reduced volume of traffic is passed to the machine learning model for further analysis. The machine learning model is powered by a novel feature selection technique, an extended dataset construction technique inspired by human learning patterns, and a stacking ensemble-based machine learning model to detect bots. Our experiments exhibit consistent performance of the proposed machine learning model. Finally, to evaluate the performance of BotDefender, we design and develop a live botnet attack strategy. During the live experiment, BotDefender filters out 99.8% of the botnet traffic and achieves an overall accuracy of 100%.
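The two-stage shape the abstract describes (a traffic analyzer that drops all traffic from sources it has already identified as bots, followed by a stacking ensemble that classifies only the residual flows) can be illustrated end to end. The code below is an added example written for this page; it is not the paper's code and does not reproduce its feature selection or dataset construction. The per-source thresholds, the two rule-based base learners, the perceptron meta-learner, and the sample flows (including a "quiet" bot that slips past stage 1) are all constructed assumptions. The point it makes concrete is the metric split in the abstract: stage 1 is judged by how much traffic it removes, stage 2 by its accuracy on what remains.

```python
"""Two-stage BotDefender-style pipeline (illustrative, not the paper's code).
Stage 1: a traffic analyzer flags bot sources from aggregate behaviour and
drops all their traffic. Stage 2: a stacking ensemble (two rule-based base
learners feeding a perceptron meta-learner) classifies the residual flows.
All thresholds, features and sample flows are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str       # source address
    dport: int     # destination port
    pkts: int      # packets in the flow
    nbytes: int    # bytes in the flow
    secs: float    # flow duration in seconds
    bot: bool      # ground-truth label (constructed; used for training and scoring)

def make_flows():
    """Constructed sample traffic: two benign hosts, two loud bots that fan out
    across 200 ports each, and one quiet bot that stays under stage-1 thresholds."""
    flows = []
    for i, dp in enumerate([443, 443, 80, 53, 443]):
        flows.append(Flow("10.0.0.1", dp, 40 + i, 30000 + 100 * i, 2.0, False))
        flows.append(Flow("10.0.0.2", dp, 20 + i, 15000 + 50 * i, 1.5, False))
    for b in ("10.0.0.9", "10.0.0.10"):
        for p in range(1000, 1200):            # many small, fast flows
            flows.append(Flow(b, p, 20, 600, 0.1, True))
    for _ in range(3):
        flows.append(Flow("10.0.0.7", 8080, 50, 3000, 0.2, True))
    return flows

# ---- Stage 1: traffic analyzer ----------------------------------------------
def analyze_sources(flows, max_flows=50, max_ports=20):
    """Flag a source as a bot when it opens more flows, or touches more distinct
    destination ports, than a benign host plausibly would (assumed thresholds)."""
    n_flows = defaultdict(int)
    ports = defaultdict(set)
    for f in flows:
        n_flows[f.src] += 1
        ports[f.src].add(f.dport)
    return {s for s in n_flows if n_flows[s] > max_flows or len(ports[s]) > max_ports}

def filter_traffic(flows, bots):
    """Drop every flow from a flagged source; return the remainder and the
    fraction of total traffic removed."""
    kept = [f for f in flows if f.src not in bots]
    return kept, 1 - len(kept) / len(flows)

# ---- Stage 2: stacking ensemble on the residual traffic ----------------------
def base_rate(f):
    """Base learner 1: beacon-like packet rate (assumed threshold of 100 pps)."""
    return 1.0 if f.pkts / f.secs > 100 else 0.0

def base_size(f):
    """Base learner 2: unusually small mean packet size (assumed threshold)."""
    return 1.0 if f.nbytes / f.pkts < 100 else 0.0

def meta_features(f):
    return (base_rate(f), base_size(f), 1.0)   # base outputs plus a bias input

def train_meta(train_flows, epochs=20):
    """Meta-learner: a perceptron trained on the base learners' outputs.
    On separable data it stops updating after a few passes."""
    w = [0.0, 0.0, 0.0]
    for _ in range(epochs):
        updates = 0
        for f in train_flows:
            x = meta_features(f)
            yhat = 1 if sum(wi * xi for wi, xi in zip(w, x)) > 0 else 0
            err = int(f.bot) - yhat
            if err:
                w = [wi + err * xi for wi, xi in zip(w, x)]
                updates += 1
        if not updates:
            break
    return w

def predict(w, f):
    return sum(wi * xi for wi, xi in zip(w, meta_features(f))) > 0

def run_pipeline(flows, w):
    """Stage 1 filter, then stage 2 on the remainder; report the kind of metrics
    the abstract quotes (traffic reduction, bot traffic filtered, accuracy)."""
    bots = analyze_sources(flows)
    kept, reduction = filter_traffic(flows, bots)
    bot_total = sum(f.bot for f in flows)
    bot_dropped = sum(f.bot for f in flows if f.src in bots)
    correct = sum(predict(w, f) == f.bot for f in kept)
    return {
        "stage1_bots": sorted(bots),
        "traffic_reduction": round(reduction, 4),
        "bot_traffic_filtered": round(bot_dropped / bot_total, 4),
        "stage2_accuracy": round(correct / len(kept), 4),
    }

if __name__ == "__main__":
    sample = make_flows()
    # For brevity the same constructed set doubles as the labeled training data.
    print(run_pipeline(sample, train_meta(sample)))
```

On the constructed sample, stage 1 removes about 97% of all flows and about 99% of the bot flows, while the quiet bot that never trips the per-source thresholds is caught only by stage 2. That division of labour is the design point: the analyzer buys volume reduction cheaply, and the ensemble spends its per-flow cost on the small residue where the harder decisions are.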




Author information

Corresponding author

Correspondence to Arvind Prasad.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Prasad, A., Chandra, S. BotDefender: A Collaborative Defense Framework Against Botnet Attacks using Network Traffic Analysis and Machine Learning. Arab J Sci Eng 49, 3313–3329 (2024). https://doi.org/10.1007/s13369-023-08016-z
