Computer Science ›› 2025, Vol. 52 ›› Issue (11): 373-381. doi: 10.11896/jsjkx.241100019

• Information Security •

Intelligent Botnet Traffic Detection Method Based on Multi-granularity Statistical Features

ZHANG Haixia1, HUANG Kezhen1, LIAN Yifeng1, ZHAO Changzhi2, YUAN Yunjing1, PENG Yuanyuan1   

  1 Trusted Computing and Information Assurance Laboratory, Institute of Software, The Chinese Academy of Science, Beijing 100190, China
  2 Institute of Information Engineering, The Chinese Academy of Science, Beijing 100085, China
  • Received: 2024-11-04 Revised: 2025-03-04 Online: 2025-11-15 Published: 2025-11-06
  • About author: ZHANG Haixia, born in 1981, Ph.D., associate professor. Her main research interest is cyber information security.
    HUANG Kezhen, born in 1988, Ph.D., associate professor. His main research interests include cyber security situation and cyber threat intelligence.
  • Supported by:
    National Key Research and Development Program of China (2023YFB3107203).

Abstract: With the rapid development of information technology, botnet attacks have become a highly harmful cyber security threat. Detecting and disposing of botnets can prevent attackers from launching other derivative attacks based on them. Current botnet detection methods have limitations such as a single feature-selection perspective, being easy to bypass, or a high false alarm rate. In response to these limitations, this paper proposes an intelligent botnet traffic detection method based on multi-granularity statistical features. The method extracts local coarse-grained statistical features of the network flows to be detected and a global fine-grained profile of the source IP based on historical network flows, and then uses long short-term memory networks with a multi-head attention mechanism to mine the differences in these features between benign network flows and botnet flows at different times. The botnet is ultimately identified based on these differences. In comparative experiments on the CTU-13 and ISCX botnet datasets, the proposed method achieves more than 99% in accuracy, precision, recall and F1 score.

Key words: Cyber attack, Botnet, Statistical features, Attention mechanism, Long-short term memory

CLC Number: TP311.1