Analysis of Botnet Attack Communication Pattern Behavior on Computer Networks

doi:10.22266/ijies2022.0831.48

Cited by 14 publications

(13 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bot activity is obtained by extracting bot behavior from scenario 1 to 13 datasets on CTU-13 and NCC [1 , 2] . The extraction process is carried out to analyze bot attack behavior and normal behavior [3] , whose extraction path is shown in Fig. 4 .…”

Section: Experimental Design Materials and Methodsmentioning

confidence: 99%

“…The dataset simulates botnet attacks using botnet activities described in CTU-13 [1] and NCC [2] . The simulation extracts all scenarios from those two datasets to determine attack activities, attack phases, and the time difference between attacks and normal activities [3] , leading to four scenarios represented by the corresponding sub-datasets. Additionally, it is assumed that this simulation employs three sensors.…”

Section: Data Descriptionmentioning

confidence: 99%

See 1 more Smart Citation

Botnet dataset with simultaneous attack activity

Putra¹,

Hostiadi²,

Ahmad³

2022

Data in Brief

View full text Add to dashboard Cite

Section: Experimental Design Materials and Methodsmentioning

confidence: 99%

Section: Data Descriptionmentioning

confidence: 99%

Botnet dataset with simultaneous attack activity

Putra¹,

Hostiadi²,

Ahmad³

2022

Data in Brief

View full text Add to dashboard Cite

“…Basically, data transformation is a series of techniques used to change raw data into a form or format that is more suitable or useful for machine learning models. Data transformation was implemented in this research because several categorical features in the dataset need to be converted to numerical data [31]. This is an essential step because categorical data cannot be processed with some machine learning methods.…”

Section: Data Preprocessingmentioning

confidence: 99%

Analysis of Weight-Based Voting Classifier for Intrusion Detection System

2024

IJIES

View full text Add to dashboard Cite

The evolution of technology and the internet has accelerated the pace of communication and information exchange. Despite technological advancements, the significant weakness lies in the persistent threat of cybercrime, manifesting in various forms like malware, phishing, and ransomware. To solve the cybercrime problems, this research aims to create an intrusion detection system model using a novel framework. In general, the proposed method consists of 3 stages: Data preprocessing, feature selection using ANOVA F-value combined with cross validation, and classification using weight-based voting classifier. Some machine learning methods used in the weight-based voting classifier are random forest, K-nearest neighbour, and logistic regression. The experiment results show that weight order and weight combination affect the detection performance. The proposed method produces an excellent precision value of 98.66%, higher than the single voting classifier.

show abstract

“…This detection model has been widely developed because it produces optimal reliability, simplicity, accuracy, and time processing [8][9][10]. Signature-based models extract botnet attack characteristics such as attack communication pattern behavior [11], features [12], attack sequential patterns [6], number of attack stages [13], and attack time gap [14]. However, there needs to be more focus on analyzing botnet communication intensity using visualization with a graph analysis approach.…”

Section: Introductionmentioning

confidence: 99%

Botnet Attack Analysis through Graph Visualization

2024

IJIES

View full text Add to dashboard Cite

Botnet attacks on computer networks require proper handling because they can have dangerous consequences. Botnets are dynamic and able to evolve quickly. A botnet can resemble normal activity, making it challenging to detect. Previous research has introduced botnet detection models but has not focused on analyzing intensity behavior based on incoming and outgoing flows in graph visualization. This analysis is needed to get the botnet attack flow. This paper proposes a detection and comprehensive analysis of botnet attack behavior based on a directed graph. The goal is to detect the attacker and extract the behavior from the directed graph. First, all network traffic is grouped based on the time distance between activities. Visualization is carried out by representing the attacker and target as nodes in every activity group and analyzing the direction of communication in the form of in-degree and out-degree. Meanwhile, interactions are represented in edges and weighted edges based on activity intensity. Then, all graph representation is extracted for classification using random forest, decision tree, support vector classification, Naïve bayes, k -nearest neighbors, logistic regression, and XGBoost. In the experiment, three different datasets are used, namely CTU-13, NCC-1, and NCC-2. The proposed approaches perform well, with an average of 99.97% accuracy, 46.82% precision, and 83.33% recall. These results can form a knowledge base of botnet attacks that can be used in attack detection models on the network.

show abstract

Analysis of Botnet Attack Communication Pattern Behavior on Computer Networks

Cited by 14 publications

References 26 publications

Botnet dataset with simultaneous attack activity

Botnet dataset with simultaneous attack activity

Analysis of Weight-Based Voting Classifier for Intrusion Detection System

Botnet Attack Analysis through Graph Visualization

Contact Info

Product

Resources

About