TITLE:
A Comparative Study of Machine Learning Algorithms and Their Ensembles for Botnet Detection
AUTHORS:
Songhui Ryu, Baijian Yang
KEYWORDS:
Machine Learning, Ensemble Method, Botnet, CTU-13
JOURNAL NAME:
Journal of Computer and Communications, Vol.6 No.5, May 31, 2018
ABSTRACT: A Botnet is a network of compromised devices that are controlled by a malicious “botmaster” in order to perform various tasks, such as executing DoS attacks, sending SPAM and obtaining personal data. As botmasters generate network traffic while communicating with their bots, analyzing network traffic to detect Botnet traffic can be a promising feature of an Intrusion Detection System. Although such systems have applied various machine learning techniques, a comparison of machine learning algorithms, including their ensembles, on botnet detection has not been carried out. In this study, not only are the three most popular classification machine learning algorithms (Naive Bayes, Decision tree, and Neural network) evaluated, but the ensemble methods known to strengthen classifiers are also tested to see if they indeed provide enhanced predictions on Botnet detection. This evaluation is conducted with the CTU-13 public dataset, measuring the training time of each classifier and its F measure and MCC score.