
Botnet traffic identification using neural networks

Multimedia Tools and Applications

Abstract

Advances in information and communication techniques have led to the sharing of a large and daily increasing amount of information through online activities, creating new added value over internet services. At the same time, threats to the security of the cyber world have increased with the growing number of heterogeneous connection points that have powerful computational capacity. The Internet is used to interact with and control such automatic network devices connected to it. But hackers/crackers can exploit this network environment by putting in place malicious dummy node(s) or machine(s), called Botnet(s), to coordinate attacks on security such as Denial of Service (DoS) or Distributed Denial of Service (DDoS). The proposed method attempts to distinguish such malicious Botnet traffic from regular traffic using novel deep learning approaches such as Artificial Neural Network (ANN), Gated Recurrent Unit (GRU) and Long Short-Term Memory (LSTM) models. The proposed model demonstrates significant improvement over all previous works. The testing dataset, the Bot-IoT dataset, is the latest and one of the largest public-domain datasets, and is used to justify the improvement. Testing shows 99.7% classification accuracy, which is precise and better than all previous works. Analysis and comparison of the results show the accuracy and supremacy of the method over the latest work done in this field.



Author information

Corresponding author

Correspondence to Rajib Biswas.


About this article


Cite this article

Biswas, R., Roy, S. Botnet traffic identification using neural networks. Multimed Tools Appl 80, 24147–24171 (2021). https://doi.org/10.1007/s11042-021-10765-8


  • DOI: https://doi.org/10.1007/s11042-021-10765-8
