The effects of feature selection on the classification of encrypted botnet
ORIGINAL PAPER
Zahian Ismail¹ · Aman Jantan¹ · Mohd. Najwadi Yusoff¹ · Muhammad Ubale Kiru¹
Received: 22 November 2019 / Accepted: 31 August 2020
© Springer-Verlag France SAS, part of Springer Nature 2020
Abstract
Many applications today use an encrypted channel to secure their communication and transactions. However, their security is often challenged by adversaries such as Botnet. Botnet leverages the encrypted channel to launch attacks and amplify their impact. The number of Botnet attacks over encrypted channels is increasing and continues to cause great financial loss. This study proposes an encrypted Botnet detection technique based on packet header analysis. The technique does not require deep packet inspection or intense traffic analysis; it does, however, require analysis of the features taken from the packet header, which are essential for detection. The study endeavors to show that the features selected can significantly affect the classification of encrypted Botnet, so this paper focuses on the effects of feature selection on that classification. The researchers use different classification modes (full training and 10-fold cross-validation), mainly with seven features (7-features) and three features (3-features). Seven features are extracted from the packet header; after feature selection, only three of the seven have weight (value), so these three are the most significant of the extracted features. Different machine learning algorithms have been used for the classification. In general, the results show that classification with the three most significant features yields higher True Positives than the 7-features classification.
Keywords Encrypted botnet · Feature selection · Classification · Packet header analysis · Machine learning
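The weighting step the abstract describes, as an added example that is not taken from the paper. It assumes information gain as the selection method and hypothetical header field names (the page names neither), and it runs on constructed flows in which three fields track the label and four do not.

```python
import math
from collections import Counter, defaultdict

# Hypothetical names for seven header fields; the page does not list the paper's features.
FEATURES = ["dst_port", "pkt_len", "tcp_flags", "proto", "ip_ver", "ttl", "tos"]

def make_flows(n=200):
    """Constructed sample flows: three fields track the label, four do not."""
    flows = []
    for i in range(n):
        bot = i % 2 == 0
        flows.append({
            "label": "bot" if bot else "benign",
            "dst_port": 8443 if bot and i % 10 else 443,         # most bots use 8443
            "pkt_len": "small" if bot != (i % 10 < 2) else "large",  # noisy signal
            "tcp_flags": "PA" if bot or i % 6 == 1 else "A",     # partial overlap
            "proto": "tcp", "ip_ver": 4, "ttl": 64,               # constant fields
            "tos": (i // 2) % 2,               # varies, but independent of the label
        })
    return flows

def entropy(labels):
    """Shannon entropy of a list of class labels, in bits."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(flows, feature):
    """Weight of a feature: H(label) - H(label | feature), in bits."""
    groups = defaultdict(list)
    for f in flows:
        groups[f[feature]].append(f["label"])
    cond = sum(len(g) / len(flows) * entropy(g) for g in groups.values())
    return entropy([f["label"] for f in flows]) - cond

def select_features(flows, min_weight=1e-9):
    """Rank the seven features by weight and keep those with non-zero weight."""
    weights = {name: info_gain(flows, name) for name in FEATURES}
    ranked = sorted(weights.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, round(w, 3)) for name, w in ranked if w > min_weight]

if __name__ == "__main__":
    flows = make_flows()
    for name in FEATURES:
        print(f"{name:10s} weight = {info_gain(flows, name):.3f}")
    print("selected:", [name for name, _ in select_features(flows)])
```

Constant header fields and fields that vary independently of the label both receive a weight of zero here, which is why they drop out of the reduced feature set.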
1 Introduction
A Botnet is a network of compromised computers controlled by a botmaster with intent to perform malicious activities. Originally, Botnet was created for useful purposes, for example, to assist in the management of Internet Relay Chat (IRC). However, adversaries with malicious intent started to realize the capability of Botnet. Since then, Botnet has been used as a vector to launch attacks and to amplify their impact. Botnet also leverages current technology to stay relevant in the network and to avoid detection. Nowadays, many applications use encrypted channels to secure their communication and transactions, for example, email, social media networks, and banking applications. Once the attacker sees the potential to exploit this
¹ School of Computer Sciences, Universiti Sains Malaysia, George Town, Malaysia