Show simple item record

dc.contributor.authorIbrahim, Wan Nur Hidayah
dc.contributor.authorHerrera Viedma, Enrique 
dc.date.accessioned2021-04-21T11:44:03Z
dc.date.available2021-04-21T11:44:03Z
dc.date.issued2021-02-22
dc.identifier.citationW. N. H. Ibrahim et al., "Multilayer Framework for Botnet Detection Using Machine Learning Algorithms," in IEEE Access, vol. 9, pp. 48753-48768, 2021, [doi:10.1109/ACCESS.2021.3060778]es_ES
dc.identifier.urihttp://hdl.handle.net/10481/68044
dc.descriptionThe authors wish to thank Universiti Teknologi Malaysia (UTM) for its support under Research University Grant Vot- 20H04, Malaysia Research University Network (MRUN) Vot 4L876. The authors would like to acknowledge that this work was supported/funded by the Ministry of Higher Education under the Fundamental Research Grant Scheme (FRGS/1/2018/ICT04/UTM/01/1). The work was also partially supported by the Specific Research project (SPEV) at the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republic, under Grant 2102-2021. The authors are grateful for the support of student Sebastien Mambou in consultations regarding application aspects. The authors also wish to thank the Ministry of Education Malaysia for the Hadiah Latihan Persekutuan (HLP) scholarship to complete the research.es_ES
dc.description.abstractA botnet is a malware program that a hacker remotely controls called a botmaster. Botnet can perform massive cyber-attacks such as DDOS, SPAM, click-fraud, information, and identity stealing. The botnet also can avoid being detected by a security system. The traditional method of detecting botnets commonly used signature-based analysis unable to detect unseen botnets. The behavior-based analysis seems like a promising solution to the current trends of botnets that keep evolving. This paper proposes a multilayer framework for botnet detection using machine learning algorithms that consist of a ltering module and classi cation module to detect the botnet's command and control server. We highlighted several criteria for our framework, such as it must be structure-independent, protocol-independent, and able to detect botnet in encapsulated technique. We used behavior-based analysis through ow-based features that analyzed the packet header by aggregating it to a 1-s time. This type of analysis enables detection if the packet is encapsulated, such as using a VPN tunnel. We also extend the experiment using different time intervals, but a 1-s time interval shows the most impressive results. The result shows that our botnet detection method can detect up to 92% of the f-score, and the lowest false-negative rate was 1.5%.es_ES
dc.description.sponsorshipUniversiti Teknologi Malaysia (UTM) through the Research University Vot-20H04es_ES
dc.description.sponsorshipMalaysia Research University Network (MRUN) Vot4L876es_ES
dc.description.sponsorshipMinistry of Higher Education through the Fundamental Research Grant Scheme FRGS/1/2018/ICT04/UTM/01/1es_ES
dc.description.sponsorshipHadiah Latihan Persekutuan (HLP) Scholarship through the Ministry of Education Malaysiaes_ES
dc.description.sponsorshipSpecific Research Project (SPEV) by the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republices_ES
dc.language.isoenges_ES
dc.publisherIEEE (Institute of Electrical and Electronics Engineers)es_ES
dc.rightsAtribución 3.0 España*
dc.rights.urihttp://creativecommons.org/licenses/by/3.0/es/*
dc.subjectBehavior-based analysises_ES
dc.subjectBotnetes_ES
dc.subjectFlow-based feature selectiones_ES
dc.subjectK-nearest neighbores_ES
dc.subjectStructure independentes_ES
dc.titleMultilayer framework for botnet detection using machine learning algorithmses_ES
dc.typeinfo:eu-repo/semantics/articlees_ES
dc.rights.accessRightsinfo:eu-repo/semantics/openAccesses_ES
dc.identifier.doi10.1109/ACCESS.2021.3060778
dc.type.hasVersioninfo:eu-repo/semantics/publishedVersiones_ES


Files in this item

[PDF]

This item appears in the following Collection(s)

Show simple item record

Atribución 3.0 España
Except where otherwise noted, this item's license is described as Atribución 3.0 España