4.5 Article

BotDefender: A Collaborative Defense Framework Against Botnet Attacks using Network Traffic Analysis and Machine Learning

Journal

Publisher

SPRINGER HEIDELBERG
DOI: 10.1007/s13369-023-08016-z

Keywords

Cybersecurity; Botnet attack; Network traffic analysis; Machine learning; Feature selection

This paper introduces BotDefender, a collaborative framework for protecting against botnet attacks. The framework combines a network traffic analyzer and machine learning techniques to detect and defend against botnet attacks. The network traffic analyzer performs in-depth analysis to identify and filter out botnet-related traffic, significantly reducing the network traffic load and forwarding only a reduced amount of traffic to the machine learning model for further analysis. The machine learning model, powered by a novel feature selection technique and an ensemble-based approach, exhibits consistent performance in detecting bots. Experimental results show that BotDefender filters out 99.8% of botnet traffic and achieves an overall accuracy of 100%.
Botnets, an army of remotely controlled compromised devices called bots, routinely cause severe damage to infrastructures and organizations. Since the attacker uses millions of diverse internet-enabled devices and always has extra resources to increase the attack intensity, traditional counterattack measures fail to handle the enormous volumes of network traffic generated from a bot army. Consequently, there is a demand for a robust botnet defense system that can handle the massive volume of network traffic and detect botnet attacks with high accuracy. In this work, we propose BotDefender, a collaborative framework that protects against botnet attacks. BotDefender combines a proposed network traffic analyzer and machine learning technique to prevent botnet attacks. The proposed network traffic analyzer performs an in-depth traffic analysis to detect bots and filter out all the traffic from the identified bots. It significantly reduces network traffic by filtering out a huge amount of traffic from the bots and transfers significantly reduced amounts of traffic to the machine learning model for further analysis. The machine learning model is powered by a novel feature selection technique, an extended dataset construction technique inspired by human learning patterns and a stacking ensemble-based machine learning model, to detect bots. Our experiments exhibit a consistent performance of the proposed machine learning model. Finally, to evaluate the performance of BotDefender, we design and develop a live botnet attack strategy. During the live experiment, BotDefender filters out 99.8% of the botnet traffic and achieves an overall accuracy of 100%.
