How to choose from different botnet detection systems?
Fariba Haddadi, Duong-Tien Phan, A. N. Zincir-Heywood
NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, published 2016-07-04
DOI: 10.1109/NOMS.2016.7502964 (https://doi.org/10.1109/NOMS.2016.7502964)
Citations: 13
Abstract
Given that botnets represent one of the most aggressive threats against cybersecurity, various detection approaches have been studied. However, whichever approach is used, the evolving nature of botnets and the pre-defined botnet detection rule sets these approaches rely on may affect the performance of detection systems. In this work, we explore the effectiveness of two rule-based systems and two machine learning (ML) based techniques with different feature extraction methods (packet-payload based and traffic-flow based). The performance of these detection systems ranges from 0% to 100% on thirteen public botnet data sets (i.e. CTU-13). We further analyze the performance of these systems in order to understand which type of detection system is more effective for which type of application.