A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems

IF 1.9 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Distributed Sensor Networks Pub Date : 2022-03-01 DOI:10.1177/15501477211049910

Li Duan, Jingxian Zhou, You Wu, Wenyao Xu

{"title":"A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems","authors":"Li Duan, Jingxian Zhou, You Wu, Wenyao Xu","doi":"10.1177/15501477211049910","DOIUrl":null,"url":null,"abstract":"In smart systems, attackers can use botnets to launch different cyber attack activities against the Internet of Things. The traditional methods of detecting botnets commonly used machine learning algorithms, and it is difficult to detect and control botnets in a network because of unbalanced traffic data. In this article, we present a novel and highly efficient botnet detection method based on an autoencoder neural network in cooperation with decision trees on a given network. The deep flow inspection method and statistical analysis are first applied as a feature selection technique to select relevant features, which are used to characterize the communication-related behavior between network nodes. Then, the autoencoder neural network for feature selection is used to improve the efficiency of model construction. Finally, Tomek-Recursion Borderline Synthetic Minority Oversampling Technique generates additional minority samples to achieve class balance, and an improved gradient boosting decision tree algorithm is used to train and establish an abnormal traffic detection model to improve the detection of unbalanced botnet data. The results of experiments on the ISCX-botnet traffic dataset show that the proposed method achieved better botnet detection performance with 99.10% recall, 99.20% accuracy, 99.1% F1 score, and 99.0% area under the curve.","PeriodicalId":50327,"journal":{"name":"International Journal of Distributed Sensor Networks","volume":" ","pages":""},"PeriodicalIF":1.9000,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Distributed Sensor Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1177/15501477211049910","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 7

Abstract

In smart systems, attackers can use botnets to launch different cyber attack activities against the Internet of Things. The traditional methods of detecting botnets commonly used machine learning algorithms, and it is difficult to detect and control botnets in a network because of unbalanced traffic data. In this article, we present a novel and highly efficient botnet detection method based on an autoencoder neural network in cooperation with decision trees on a given network. The deep flow inspection method and statistical analysis are first applied as a feature selection technique to select relevant features, which are used to characterize the communication-related behavior between network nodes. Then, the autoencoder neural network for feature selection is used to improve the efficiency of model construction. Finally, Tomek-Recursion Borderline Synthetic Minority Oversampling Technique generates additional minority samples to achieve class balance, and an improved gradient boosting decision tree algorithm is used to train and establish an abnormal traffic detection model to improve the detection of unbalanced botnet data. The results of experiments on the ISCX-botnet traffic dataset show that the proposed method achieved better botnet detection performance with 99.10% recall, 99.20% accuracy, 99.1% F1 score, and 99.0% area under the curve.

查看原文本刊更多论文

基于智能系统网络流量分析的新型高效僵尸网络检测算法

在智能系统中，攻击者可以利用僵尸网络对物联网发起不同的网络攻击活动。传统的僵尸网络检测方法通常采用机器学习算法，由于网络中流量数据不均衡，难以对僵尸网络进行检测和控制。在本文中，我们提出了一种基于自编码器神经网络与给定网络上的决策树合作的新型高效僵尸网络检测方法。首先将深流检测方法和统计分析作为特征选择技术，选择相关特征，用于表征网络节点之间的通信相关行为。然后，利用自编码器神经网络进行特征选择，提高模型构建效率。最后，采用tomek -递归边界合成少数派过采样技术生成额外的少数派样本，实现类平衡，并采用改进的梯度增强决策树算法训练并建立异常流量检测模型，提高对不平衡僵尸网络数据的检测。在iscx -僵尸网络流量数据集上的实验结果表明，该方法具有99.10%的召回率、99.20%的准确率、99.1%的F1分数和99.0%的曲线下面积，取得了较好的僵尸网络检测性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Distributed Sensor Networks 工程技术-电信学

CiteScore

6.50

自引率

4.30%

发文量

审稿时长

3.6 months

期刊介绍： International Journal of Distributed Sensor Networks (IJDSN) is a JCR ranked, peer-reviewed, open access journal that focuses on applied research and applications of sensor networks. The goal of this journal is to provide a forum for the publication of important research contributions in developing high performance computing solutions to problems arising from the complexities of these sensor network systems. Articles highlight advances in uses of sensor network systems for solving computational tasks in manufacturing, engineering and environmental systems.