A self‐learning stream classifier for flow‐based botnet detection
Author(s) - Nazemi Gelian Mahsa, Mashayekhi Hoda, Mashayekhi Yoosof
Publication year - 2019
Publication title - International Journal of Communication Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.4143
Subject(s) - botnet, computer science, classifier (uml), machine learning, artificial intelligence, generalization, computer security, the internet, data mining, world wide web, mathematical analysis, mathematics
Summary - Botnets have been recently recognized as one of the most formidable threats on the Internet. Different approaches have been designed to detect these types of attacks. However, as botnets evolve their behavior to mislead the signature‐based detection systems, learning‐based methods may be deployed to provide a generalization capacity in identifying unknown botnets. Developing an adaptable botnet detection system, which incrementally evolves with the incoming flow stream, remains a challenge. In this paper, a self‐learning botnet detection system is proposed, which uses an adaptable classification model. The system uses an ensemble classifier and, in order to enhance its generalization capacity, updates its model continuously on receiving new unlabeled traffic flows. The system is evaluated with a comprehensive data set, which contains a wide variety of botnets. The experiments demonstrate that the proposed system can successfully adapt in a dynamic environment where new botnet types are observed during the system operation. We also compare the system performance with other methods.
