A P2P Botnet Detection Scheme based on Decision Tree and Adaptive Multi-layer Neural Networks

Alauthman, Mohammad, Aslam, Nauman, Zhang, Li, Alasem, Rafe and Hossain, Alamgir (2018) A P2P Botnet Detection Scheme based on Decision Tree and Adaptive Multi-layer Neural Networks. Neural Computing and Applications, 29 (11). pp. 991-1004. ISSN 0941-0643

[img]
Preview
Text (Article)
Neural_Comp_P2P.pdf - Published Version
Available under License Creative Commons Attribution 4.0.

Download (880kB) | Preview
Official URL: http://dx.doi.org/10.1007/s00521-016-2564-5

Abstract

In recent years, Botnets have been adopted as a popular method to carry and spread many malicious codes on the Internet. These malicious codes pave the way to execute many fraudulent activities including spam mail, distributed denial-of-service attacks and click fraud. While many Botnets are set up using centralized communication architecture, the peer-to-peer (P2P) Botnets can adopt a decentralized architecture using an overlay network for exchanging command and control data making their detection even more difficult. This work presents a method of P2P Bot detection based on an adaptive multilayer feed-forward neural network in cooperation with decision trees. A classification and regression tree is applied as a feature selection technique to select relevant features. With these features, a multilayer feed-forward neural network training model is created using a resilient back-propagation learning algorithm. A comparison of feature set selection based on the decision tree, principal component analysis and the ReliefF algorithm indicated that the neural network model with features selection based on decision tree has a better identification accuracy along with lower rates of false positives. The usefulness of the proposed approach is demonstrated by conducting experiments on real network traffic datasets. In these experiments, an average detection rate of 99.08 % with false positive rate of 0.75 % was observed.

Item Type: Article
Uncontrolled Keywords: P2P Bot, Multilayer neural network, CART algorithm, TCP protocol, C&C, Resilient back-propagation
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Ellen Cole
Date Deposited: 10 Oct 2016 09:41
Last Modified: 01 Aug 2021 08:01
URI: http://nrl.northumbria.ac.uk/id/eprint/27603

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics