Botnet detection using independent component analysis

Botnets are a significant cyber threat that continues to evolve. Botmasters keep improving the security framework strategy of their botnets so that they go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature analysis, botnet concealment strategies such as encryption and polymorphism, together with the shift in structure from centralized to decentralized peer-to-peer, create challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. In addition, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, which is necessary because of the difficulty of detecting existing patterns in a botnet that keeps modifying its signature as a concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. We compared the percentage of significant features with and without ICA. Through the experiment, we found that the results produced with ICA show significant improvements. The highest F-score was 83% for the Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, feature importance increased from 22% to 27%, and the training model's false positive rate decreased from 1.8% to 1.7%.

Bibliographic Details
Main Authors: Ibrahim, Wan Nur Hidayah; Anuar, Mohd. Syahid; Selamat, Ali; Krejcar, Ondrej
Format: Article
Language: English
Published: International Islamic University Malaysia-IIUM, 2022
Subjects: T Technology (General)
Online Access:
http://eprints.utm.my/104450/1/AliSelamat2022_BotnetDetectionUsingIndependentComponentAnalysis.pdf
http://eprints.utm.my/104450/
http://dx.doi.org/10.31436/IIUMEJ.V23I1.1789
Citation: Ibrahim, Wan Nur Hidayah, Anuar, Mohd. Syahid, Selamat, Ali and Krejcar, Ondrej (2022). Botnet detection using independent component analysis. IIUM Engineering Journal, 23 (1), pp. 95-115. ISSN 1511-788X. DOI: 10.31436/IIUMEJ.V23I1.1789. Peer reviewed.
Repository: UTM Institutional Repository, Universiti Teknologi Malaysia (http://eprints.utm.my/)