Development of an Optimized Botnet Detection Framework based on Filters of Features and Machine Learning Classifiers using CICIDS2017 Dataset

Abstract

Abstract Botnet is a malicious activity that tries to disrupt traffic of service in a server or network and causes great harm to the network. In modern years, Botnets became one of the threads that constantly evolving. IDS (intrusion detection system) is one type of solutions used to detect anomalies of networks and played an increasing role in the computer security and information systems. It follows different events in computer to decide to occur an intrusion or not, and it used to build a strategic decision for security purposes. The current paper suggests a hybrid detection Botnet model using machine learning approach, performed and analyzed to detect Botnet attacks using CICIDS2017 dataset. The proposed model designed based on two types of filters to the botnet features; Correlation Attribute Eval and Principal Component deployed to reduce the dataset dimensions and to decrease the time complexity of the botnet detection process. The detection enhancement achieved by reducing the features of the dataset from 85 to 9. The training stage of classifiers is developed and compared based on six classifiers called (Random Forest, IBK, JRip, Multilayer Perceptron, Naive Bayes and OneR) evaluated to accomplish an optimized detection model. The performance and results of the proposed framework are validated using well-known metrics such as Accuracy (ACC), Precision (Pr), Recall (Rc) and F-Measure (F1). The consequence is that the combination of Correlation Attribute Eval (filter) with JRip (classifier) together can satisfy significant improvement in the Botnet detection process using CICIDS2017 dataset.