Early Detection of Botnet Activities Using Grammatical Evolution

  • Selim Yilmaz
  • Sevil Sen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11454)


Numerous studies in the literature have proposed methods for detecting botnets. However, detection remains a challenging problem, as most of the proposed systems are unable to detect botnets in their early stage and do not perform satisfactorily on new forms of botnets. In this study, we propose an evolutionary computation-based approach that relies on grammatical evolution to generate a botnet detection algorithm automatically. The performance of the proposed flow-based detection system shows that it detects botnets accurately in their very early stage and performs better than most of the existing methods.


Keywords: Botnet, Flow-based detection, Evolutionary computation, Grammatical evolution



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. WISE Lab., Department of Computer Engineering, Hacettepe University, Ankara, Turkey
