Security Hardening of Botnet Detectors using Generative Adversarial Networks

Rizwan Hamid Randhawa*, Nauman Aslam, Mohammad Alauthman, Husnain Rafiq, Frank Comeau

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

34 Downloads (Pure)

Abstract

Machine learning (ML) based botnet detectors are no exception to traditional ML models when it comes to adversarial evasion attacks. The datasets used to train these models have also scarcity and imbalance issues. We propose a new technique named Botshot, based on generative adversarial networks (GANs) for addressing these issues and proactively making botnet detectors aware of adversarial evasions. Botshot is cost-effective as compared to the network emulation for botnet traffic data generation rendering the dedicated hardware resources unnecessary. First, we use the extended set of network flow and time-based features for three publicly available botnet datasets. Second, we utilize two GANs (vanilla, conditional) for generating realistic botnet traffic. We evaluate the generator performance using classifier two-sample test (C2ST) with 10-fold 70-30 train-test split and propose the use of ’recall’ in contrast to ’accuracy’ for proactively learning adversarial evasions. We then augment the train set with the generated data and test using the unchanged test set. Last, we compare our results with benchmark oversampling methods with augmentation of additional botnet traffic data in terms of average accuracy, precision, recall and F1 score over six different ML classifiers. The empirical results demonstrate the effectiveness of the GAN-based oversampling for learning in advance the adversarial evasion attacks on botnet detectors.

Original languageEnglish
Pages (from-to)78276-78292
Number of pages17
JournalIEEE Access
Volume9
Early online date24 May 2021
DOIs
Publication statusPublished - 3 Jun 2021

Fingerprint

Dive into the research topics of 'Security Hardening of Botnet Detectors using Generative Adversarial Networks'. Together they form a unique fingerprint.

Cite this