Kundu, P. P., Truong-Huu, T., Chen, L., Zhou, L., & Teo, S. G. (2022). Detection and Classification of Botnet Traffic using Deep Learning with Model Explanation. IEEE Transactions on Dependable and Secure Computing, 1–15. https://doi.org/10.1109/tdsc.2022.3183361
Abstract:
Distributed denial-of-service attacks are one of many kinds of malicious attempts that make target services unavailable to legitimate users by using a large number of bots, which send many service requests exceeding the processing capacity of the services. Detection of botnet traffic is therefore critical to maintaining the availability and quality of the services. In contrast, identifying the type of botnet attacks helps system administrators quickly determine which part of the computer and network system is under attack. Current works focus on rule-based detection, which sets rules in the network firewall to drop suspicious traffic that matches the rules. With the emergence of machine learning and deep learning (ML/DL), several preliminary works have been developed to learn botnet traffic behavior and perform detection. However, the performance of existing ML/DL models can be further improved and their decisions/predictions are not transparent, making it hard for users to interpret and trust the results. In this work, we develop a novel deep learning model for botnet detection and classification combined with the ability to explain the decision of the model. We first leverage latent representation of traffic features generated using convolutional neural networks to detect whether a traffic record is generated by a bot and then determine the type of bot. We adopt an existing explainable framework to interpret the prediction of the developed deep learning model. We perform extensive experiments with real network traffic as well as synthetic traffic generated by IXIA BreakingPoint System. We compare the developed model with existing models on various performance metrics. The experimental results show that the developed model outperforms the existing machine learning models with an improvement of up to 15% for all performance metrics while providing a clear explanation of the model decision.
License type:
Publisher Copyright
Funding Info:
There was no specific funding for the research done