A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic (봇 넷 트래픽 식별을 위한 스택구조 딥러닝 접근 방식)

Koohong Kang (강구홍)

doi:10.9708/jksci.2021.26.12.123

A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2021, 26(12), pp.123-132
DOI : 10.9708/jksci.2021.26.12.123
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : September 23, 2021
Accepted : November 24, 2021
Published : December 31, 2021

Koohong Kang ¹

¹서원대학교

Accredited

ABSTRACT

Malicious activities of Botnets are responsible for huge financial losses to Internet Service Providers, companies, governments and even home users. In this paper, we try to confirm the possibility of detecting botnet traffic by applying the deep learning model Convolutional Neural Network (CNN) using the CTU-13 botnet traffic dataset. In particular, we classify three classes, such as the C&C traffic between bots and C&C servers to detect C&C servers, traffic generated by bots other than C&C communication to detect bots, and normal traffic. Performance metrics were presented by accuracy, precision, recall, and F1 score on classifying both known and unknown botnet traffic. Moreover, we propose a stackable botnet detection system that can load modules for each botnet type considering scalability and operability on the real field.

KEYWORDS

Botnet, Botnet Detection System, Deep Learning, Convolutional Neural Network, CTU-13 Dataset

Citation status

* References for papers published after 2023 are currently being built.

[journal] Sérgio S.C. Silva / 2013 / Botnets: A survey / Computer Networks / Elsevier BV 57(2) : 378~403

[report] B. O’Gorman / 2019 / Symantec Internet Security Threat Report

[journal] Weibo Liu / 2017 / A survey of deep neural network architectures and their applications / Neurocomputing / Elsevier BV 234 : 11~26

[confproc] M. Tavallaee / 2009 / A Detailed Analysis of the KDD CUP 99 Data Set / Proceddings of the 2009IEEE Symposium on Computational Intelligence : 1~6

[confproc] C. Livadas / 2006 / Using Machine Learning Techniques to Identify Botnet Traffic / Proceedings of the 31st IEEE Conference on Local Computer Networks

[confproc] C. Hung / 2018 / A Botnet Detection System Based on Machine-Learning using Flow-Based Features / SECURWARE 2018: The Twelfth International Conference on Emerging Security Information, Systems and Technologies

[confproc] B. Nugraha / 2020 / Performance Evaluation of Botnet Detection using Deep Learning Techniques / Proceedings of the 11th International Conference on Network of the Future

[confproc] L. Mohammadpour / 2018 / A Convolutional Neural Network for Network Intrusion Detection System / Proceedings of the APAN-Research Workshop

[journal] S. García / 2014 / An empirical comparison of botnet detection methods / Computers & Security / Elsevier BV 45 : 100~123

[web] / The CTU-13 Dataset. A Labeled Dataset with Btnet, Normal and Background traffic / https://www.stratosphereips.org/datasets-ctu13

[confproc] S. Maeda / 2019 / A Botnet Detection Method on SDN using Deep Learning / Proceedings of 2019 IEEE International Conference on Consumer Electronics, pp. 1-6 : 1~6

[confproc] S. C. Chen / 2018 / Effective botnet detection through neural networks on convolutional features / Proceedings of the 17th IEEE Conference On Trust, Security, And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering, pp. 372-378 : 372~378

[journal] B. Rahbarinia / 2014 / Peerrush : Mining for Unwanted p2p traffic / Journal of Information Security and Applications 19(3) : 194~208

[journal] Lorenzo Fernandez Maimo / 2018 / A Self-Adaptive Deep Learning-Based System for Anomaly Detection in 5G Networks / IEEE Access / Institute of Electrical and Electronics Engineers (IEEE) 6 : 7700~7712

[book] W.R. Stevens / 1994 / TCP/IP Illustrated, Volume 1 / Addison-Wesley

[book] A. Geron / 2017 / Hands-On Machine Learning with Scikit-Learn &TensorFlow / O’REILLY

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

A Deep Learning Approach with Stacking Architecture to Identify Botnet Traffic

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (16) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.