Botnet detection using negative selection algorithm, convolution neural network and classification methods

  • Original Paper
  • Evolving Systems

Abstract

Botnets are a risk to networks and the Internet. Detecting them through analysis and monitoring is necessary in order to stop them quickly. Most proposed approaches detect bots by preprocessing and processing large volumes of incoming information from network packets, structures, etc. The recent growth of the Internet and of network environments has caused significant growth in botnet attacks, and traditional approaches are accordingly not well suited to botnet detection. This paper presents a new approach for detecting botnets within networks. The proposed detection model is used to compare four attacks used by botnets (IRC, HTTP, DNS and P2P) and to evaluate the accuracy of botnet detection. We use neural networks and correlation, together with the negative selection algorithm (NSA), which is based on the artificial immune system, to identify botnets, and we compare our results with the random forest, K-neighbors, SVM, Gaussian NB, CNN and LSTM algorithms. Our method (CNN-LSTM) achieves shorter training time and higher accuracy. In this experiment we use the ISOT and ISCX botnet datasets, which contain labeled traffic data. In addition, we investigate various types of botnet attacks and present the final evaluation.

Author information

Corresponding author

Correspondence to Soodeh Hosseini.

About this article

Cite this article

Hosseini, S., Nezhad, A.E. & Seilani, H. Botnet detection using negative selection algorithm, convolution neural network and classification methods. Evolving Systems 13, 101–115 (2022). https://doi.org/10.1007/s12530-020-09362-1

  • DOI: https://doi.org/10.1007/s12530-020-09362-1
