Leveraging Network Traffic Byte-Streams for Machine Learning Based Early Botnet Attack Detection
Botnet attacks can overwhelm networks and severely affect the availability of services. Anomaly based detection techniques using machine learning are effective against zero-day attacks. However, they require complex data preprocessing and feature extraction which can affect the early detection of bo...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | , |
| Published: |
2025
|
| Online Access: | https://bspace.buid.ac.ae/handle/1234/3146 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Botnet attacks can overwhelm networks and severely affect the availability of services. Anomaly based detection techniques using machine learning are effective against zero-day attacks. However, they require complex data preprocessing and feature extraction which can affect the early detection of botnet attacks. In this paper we propose a novel approach, for early detection of botnet attacks using machine learning models that learn from byte representation of raw network traffic flows. The study departs from the traditional approach of network-based intrusion detection which relies on flow statistics and other hand-crafted features. We discuss our framework which includes light weight network traffic pre-processing, transformation, and model training. We used the CTU-13 dataset to evaluate the proposed byte-based botnet detection system. Our results show that byte-based representation can provide an effective and ultra lightweight means of developing network intrusion detection systems that can match the performance of traditional approaches, while also enabling early detection of botnet attacks. In our experiments we achieved accuracy of 99.9% consistently across different byte stream sizes for the Decision Tree and Logistic Regression classifiers. |
|---|