BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

Authors

  • Mohammed S. Gadelrab, National Institute for Standards
  • Muhammad ElSheikh, Concordia University
  • Mahmoud A. Ghoneim, George Washington University
  • Mohsen Rashwan, Cairo University

DOI:

https://doi.org/10.17762/ijcnis.v10i3.3624

Abstract

In this paper, we describe a detailed approach to developing a botnet detection system using machine learning (ML) techniques. Detecting botnet member hosts, or identifying botnet traffic, has been the main subject of many research efforts. This research aims to overcome two serious limitations of current botnet detection systems: the need for Deep Packet Inspection (DPI) and the need to collect traffic from several infected hosts. To achieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we have identified a set of statistical features that may help to distinguish between benign and malicious botnet traffic. Then, we have carried out several machine learning experiments in order to test the suitability of ML techniques and also to pick a minimal subset of the identified features that provides the best detection. We have implemented our approach in a tool called BotCap, whose test results demonstrated its ability to detect individually infected hosts in a local network.

Published

2018-12-19 — Updated on 2022-04-17

How to Cite

Gadelrab, M. S., ElSheikh, M., Ghoneim, M. A., & Rashwan, M. (2022). BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features. International Journal of Communication Networks and Information Security (IJCNIS), 10(3). https://doi.org/10.17762/ijcnis.v10i3.3624 (Original work published December 19, 2018)

Section

Research Articles