Using Model Explanation, Deep Learning Can Be Used To Detect And Classify Botnet Traffic

21 May

Authors: Mridula Singh, Shilpy Sharma, Sagar Chaudhary

Abstract: Malicious attempts known as distributed denial-of-service attacks cause target services to be unavailable to legitimate users by sending many service requests that exceed the processing capacity of the services. Detection of botnet traffic is therefore critical to maintaining the availability and quality of the services, while identification of the type of botnet attack helps system administrators quickly figure out which parts of the computer and network system are under attack. The focus of existing research is on rule-based detection, which establishes rules in the network firewall to deny suspicious traffic that matches the rules. The emergence of machine learning and deep learning (ML/DL) has led to the development of preliminary works to learn botnet traffic behavior and perform detection. It is possible to enhance the performance of existing ML/DL models, but their decision-making and prediction are not transparent, which makes it hard for users to interpret and trust the results. In this work, we develop a novel deep learning model for botnet detection and classification, which has the ability to explain the model's decisions. The latent representation of traffic features learned by convolutional neural networks allows us to detect whether a traffic record is generated by a bot and then identify the type of bot responsible for the record. The predictions of the developed deep learning model are interpreted using an existing explainable framework. Extensive experiments are conducted with both realistic network traffic and synthetic traffic generated by the IXIA Breaking Point System. Various performance metrics are used to compare the developed model with existing models. The test results indicate that the developed model surpasses the current machine learning classifiers by up to 15% on all performance metrics, while providing a straightforward explanation of the model decision.

DOI: http://doi.org/10.5281/zenodo.20338856