Reducing the False Alarm Rates in Detecting Botnets Using the Combination of K-Nearest Neighbors and Stochastic Gradient Descent Algorithms

Document Type: Original Article

Author

Assistant Professor, Department of Computer Sciences, Golestan University, Gorgan, Iran.

10.48301/kssa.2024.423558.2754

Abstract

With the increasing expansion of networks connected to the internet, attackers' efforts against these networks have also grown. Many researchers have therefore proposed solutions to deal with botnets, which lead to remote contamination of systems. One of the main problems of existing methods is the high rate of false alarms produced by attack detection systems, including both false positives and false negatives. In the present research, these alarm rates were reduced by using machine learning algorithms. In the first stage of the proposed solution, the dataset went through a pre-processing stage in which outliers and noisy data were identified and discarded. Then, using the K-Nearest Neighbor algorithm, the non-useful features that had no effect on determining the data class were excluded from the dataset. In the next step, the Gradient Descent algorithm was used to accurately detect the class of the data and categorize them as normal data or botnet attacks. Finally, by performing various tests on the CTU-13 and BoT-IoT datasets in both binary and multi-class modes, the values of the important criteria for evaluating the effectiveness of the botnet attack detection system were obtained. The results showed that for the CTU-13 dataset, in binary and multi-class modes, the false negative rates were 0.01 and 0.04 and the false positive rates were 0.01 and 0.05, respectively; for the BoT-IoT dataset, in binary and multi-class modes, the false negative rates were 0.02 and 0.05 and the false positive rates were 0.03 and 0.05, respectively. Compared to other existing methods, the proposed method is superior, reducing the rate of false alarms and improving efficiency.
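The feature-selection, classification and false-alarm measurement stages described in the abstract can be sketched as follows; this is an added illustration, not the paper's code. The per-feature leave-one-out k-NN scoring rule, the 0.7 threshold, the logistic loss, and the synthetic flow records are all assumptions, and only the binary mode is shown, without the pre-processing stage.

```python
import math, random

def make_flows(n, rng):
    # Constructed records (not CTU-13/BoT-IoT): f0, f2 informative, f1 noise
    rows, u = [], rng.uniform
    for _ in range(n):
        y = rng.randint(0, 1)                      # 1 = botnet, 0 = normal
        rows.append(([u(0, 1) + 2 * y, u(0, 1), u(0, 1) + 2 * y], y))
    return rows

def knn_loo_accuracy(rows, feat, k=5):
    # Leave-one-out accuracy of a k-NN majority vote using one feature only
    hits = 0
    for i, (x, y) in enumerate(rows):
        near = sorted((abs(x[feat] - o[feat]), oy)
                      for j, (o, oy) in enumerate(rows) if j != i)[:k]
        hits += (sum(oy for _, oy in near) * 2 > k) == bool(y)
    return hits / len(rows)

def select_features(rows, n_feat, min_acc=0.7):
    # Assumed rule: drop features whose k-NN score is close to chance
    return [f for f in range(n_feat) if knn_loo_accuracy(rows, f) >= min_acc]

def train_sgd(rows, feats, rng, epochs=30, lr=0.1):
    # Logistic regression fitted by plain stochastic gradient descent
    w, b, rows = [0.0] * len(feats), 0.0, list(rows)
    for _ in range(epochs):
        rng.shuffle(rows)
        for x, y in rows:
            z = b + sum(wi * x[f] for wi, f in zip(w, feats))
            g = 1 / (1 + math.exp(-z)) - y         # d(log-loss)/dz
            w = [wi - lr * g * x[f] for wi, f in zip(w, feats)]
            b -= lr * g
    return w, b

def false_alarm_rates(rows, feats, w, b):
    # (FPR, FNR): share of normal flows flagged, share of botnet flows missed
    pred = [b + sum(wi * x[f] for wi, f in zip(w, feats)) > 0 for x, _ in rows]
    fp = sum(p and not y for p, (_, y) in zip(pred, rows))
    fn = sum(not p and y for p, (_, y) in zip(pred, rows))
    pos = sum(y for _, y in rows)
    return fp / (len(rows) - pos), fn / pos

def run(seed=7):
    rng = random.Random(seed)
    train, test = make_flows(200, rng), make_flows(200, rng)
    feats = select_features(train, 3)
    w, b = train_sgd(train, feats, rng)
    return feats, false_alarm_rates(test, feats, w, b)
```

Reporting the two rates separately, as the abstract does, matters operationally: false positives cost analyst time, while false negatives are infected hosts that stay undetected.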



Volume 20, Issue 3
Engineering
December 2024
Pages 553-570
  • Receive Date: 05 November 2023
  • Revise Date: 24 December 2023
  • Accept Date: 21 January 2024