An efficient reinforcement learning-based Botnet detection approach

Mohammad  Alauthman; Nauman Aslam; Mouhammd  Alkasassbeh; Suleman Khan; Ahmad  AL-qerem; Kim-Kwang  Raymond Choo

doi:10.1016/j.jnca.2019.102479

An efficient reinforcement learning-based Botnet detection approach

Mohammad Alauthman, Nauman Aslam, Mouhammd Alkasassbeh, Suleman Khan, Ahmad AL-qerem, Kim-Kwang Raymond Choo

Computer and Information Sciences Department

Research output: Contribution to journal › Article › peer-review

106 Citations (Scopus)

203 Downloads (Pure)

Abstract

The use of bot malware and botnets as a tool to facilitate other malicious cyber activities (e.g. distributed denial of service attacks, dissemination of malware and spam, and click fraud). However, detection of botnets, particularly peer-to-peer (P2P) botnets, is challenging. Hence, in this paper we propose a sophisticated traffic reduction mechanism, integrated with a reinforcement learning technique. We then evaluate the proposed approach using real-world network traffic, and achieve a detection rate of 98.3%. The approach also achieves a relatively low false positive rate (i.e. 0.012%).

Original language	English
Article number	102479
Journal	Journal of Network and Computer Applications
Volume	150
Early online date	2 Nov 2019
DOIs	https://doi.org/10.1016/j.jnca.2019.102479
Publication status	Published - 15 Jan 2020

Keywords

Botnet detection
Network security
Traffic reduction
Neural network
C2C
Reinforcement-learning

Access to Document

10.1016/j.jnca.2019.102479

JNCA-1Accepted author manuscript, 1.66 MBLicence: CC BY-NC-ND

Cite this

@article{69973b4301c6458788a444bbfafdaa3e,

title = "An efficient reinforcement learning-based Botnet detection approach",

abstract = "The use of bot malware and botnets as a tool to facilitate other malicious cyber activities (e.g. distributed denial of service attacks, dissemination of malware and spam, and click fraud). However, detection of botnets, particularly peer-to-peer (P2P) botnets, is challenging. Hence, in this paper we propose a sophisticated traffic reduction mechanism, integrated with a reinforcement learning technique. We then evaluate the proposed approach using real-world network traffic, and achieve a detection rate of 98.3%. The approach also achieves a relatively low false positive rate (i.e. 0.012%).",

keywords = "Botnet detection, Network security, Traffic reduction, Neural network, C2C, Reinforcement-learning",

author = "Mohammad Alauthman and Nauman Aslam and Mouhammd Alkasassbeh and Suleman Khan and Ahmad AL-qerem and {Raymond Choo}, Kim-Kwang",

year = "2020",

month = jan,

day = "15",

doi = "10.1016/j.jnca.2019.102479",

language = "English",

volume = "150",

journal = "Journal of Network and Computer Applications",

issn = "1084-8045",

publisher = "Academic Press",

}

TY - JOUR

T1 - An efficient reinforcement learning-based Botnet detection approach

AU - Alauthman, Mohammad

AU - Aslam, Nauman

AU - Alkasassbeh, Mouhammd

AU - Khan, Suleman

AU - AL-qerem, Ahmad

AU - Raymond Choo, Kim-Kwang

PY - 2020/1/15

Y1 - 2020/1/15

N2 - The use of bot malware and botnets as a tool to facilitate other malicious cyber activities (e.g. distributed denial of service attacks, dissemination of malware and spam, and click fraud). However, detection of botnets, particularly peer-to-peer (P2P) botnets, is challenging. Hence, in this paper we propose a sophisticated traffic reduction mechanism, integrated with a reinforcement learning technique. We then evaluate the proposed approach using real-world network traffic, and achieve a detection rate of 98.3%. The approach also achieves a relatively low false positive rate (i.e. 0.012%).

AB - The use of bot malware and botnets as a tool to facilitate other malicious cyber activities (e.g. distributed denial of service attacks, dissemination of malware and spam, and click fraud). However, detection of botnets, particularly peer-to-peer (P2P) botnets, is challenging. Hence, in this paper we propose a sophisticated traffic reduction mechanism, integrated with a reinforcement learning technique. We then evaluate the proposed approach using real-world network traffic, and achieve a detection rate of 98.3%. The approach also achieves a relatively low false positive rate (i.e. 0.012%).

KW - Botnet detection

KW - Network security

KW - Traffic reduction

KW - Neural network

KW - C2C

KW - Reinforcement-learning

U2 - 10.1016/j.jnca.2019.102479

DO - 10.1016/j.jnca.2019.102479

M3 - Article

SN - 1084-8045

VL - 150

JO - Journal of Network and Computer Applications

JF - Journal of Network and Computer Applications

M1 - 102479

ER -

An efficient reinforcement learning-based Botnet detection approach

Abstract

Keywords

Access to Document

Fingerprint

Cite this