http://dx.doi.org/10.9708/jksci.2021.26.12.123

A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic  

Kang, Koohong (Dept. of Information and Communications Eng., Seowon University)
Abstract
Malicious botnet activity is responsible for huge financial losses to Internet Service Providers, companies, governments and even home users. In this paper, we examine whether botnet traffic can be detected by applying a deep learning model, the Convolutional Neural Network (CNN), to the CTU-13 botnet traffic dataset. In particular, we classify traffic into three classes: C&C traffic between bots and C&C servers (to detect C&C servers), traffic generated by bots other than C&C communication (to detect bots), and normal traffic. Performance is reported as accuracy, precision, recall, and F1 score for classifying both known and unknown botnet traffic. Moreover, we propose a stackable botnet detection system that can load a module for each botnet type, with scalability and operability in the field in mind.
Keywords
Botnet; Botnet Detection System; Deep Learning; Convolutional Neural Network; CTU-13 Dataset