Main Article Content
In this paper, we describe a detailed approach to develop a botnet detection system using machine learning (ML)techniques. Detecting botnet member hosts, or identifying botnet traffic has been the main subject of manyresearch efforts. This research aims to overcome two serious limitations of current botnet detection systems:First, the need for Deep Packet Inspection-DPI and the need to collect traffic from several infected hosts. Toachieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we haveidentified a set of statistical features that may help to distinguish between benign and botnet malicious traffic.Then, we have carried several machine learning experiments in order to test the suitability of ML techniques andalso to pick a minimal subset of the identified features that provide best detection. We have implemented ourapproach in a tool called BotCap whose test results showed its proven ability to detect individually infected hostsin a local network.
How to Cite
Gadelrab, M. S., ElSheikh, M., Ghoneim, M. A., & Rashwan, M. (2022). BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features. International Journal of Communication Networks and Information Security (IJCNIS), 10(3). https://doi.org/10.17762/ijcnis.v10i3.3624 (Original work published December 19, 2018)