Project

Detecting botnet traffic using machine learning

Project (M.S., Computer Science)--California State University, Sacramento, 2017.

Over the past few years, many cybersecurity incidents involving distributed denial of service attacks have been reported worldwide. Many of these attacks were conducted through botnets, which usually consist of a group of infected computers, smartphones or IoT devices. Botnets can be used to perform malicious activities such as launching distributed denial of service attacks, sending spam emails and compromising sensitive information. Botnet detection has therefore become important in network security and has gained the attention of researchers worldwide.
 
This report proposes a solution to detect botnet traffic using a machine learning approach. First, we used datasets from the Malware Capture Facility Project. The datasets contain network traffic data collected from the victim target machine, including both botnet traffic and normal traffic. Second, we preprocessed the traffic data and extracted features such as source address, destination address, port and packet size. Third, we applied a machine learning algorithm to classify botnet and normal traffic. The botnet detection module is trained with one large dataset comprising both botnet and normal traffic records. After the trained model achieved good accuracy, another dataset was fed to the module for detection. The proposed approach is able to detect botnet traffic with good accuracy.

