Optimized Random Forest Model for Botnet Detection Based on DNS Queries
- URL: http://arxiv.org/abs/2012.11326v1
- Date: Wed, 16 Dec 2020 16:34:11 GMT
- Title: Optimized Random Forest Model for Botnet Detection Based on DNS Queries
- Authors: Abdallah Moubayed and MohammadNoor Injadat and Abdallah Shami
- Abstract summary: The Domain Name System (DNS) protocol has several security vulnerabilities.
One promising solution to detect DNS-based botnet attacks is adopting machine learning (ML) based solutions.
This paper proposes a novel optimized ML-based framework to detect botnets based on their corresponding DNS queries.
- Score: 8.641714871787595
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The Domain Name System (DNS) protocol plays a major role in today's Internet
as it translates between website names and corresponding IP addresses. However,
due to the lack of processes for data integrity and origin authentication, the
DNS protocol has several security vulnerabilities. This often leads to a
variety of cyber-attacks, including botnet network attacks. One promising
solution to detect DNS-based botnet attacks is adopting machine learning (ML)
based solutions. To that end, this paper proposes a novel optimized ML-based
framework to detect botnets based on their corresponding DNS queries. More
specifically, the framework consists of using information gain as a feature
selection method and genetic algorithm (GA) as a hyper-parameter optimization
model to tune the parameters of a random forest (RF) classifier. The proposed
framework is evaluated using a state-of-the-art TI-2016 DNS dataset.
Experimental results show that the proposed optimized framework reduced the
feature set size by up to 60%. Moreover, it achieved a high detection accuracy,
precision, recall, and F-score compared to the default classifier. This
highlights the effectiveness and robustness of the proposed framework in
detecting botnet attacks.
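The abstract names information gain as the feature-selection step but does not show how it is computed on DNS query data. The following is an added illustration, not code from the paper or the TI-2016 dataset: it extracts a few lexical features from query names (constructed sample, labelled by hand), scores each feature by information gain against the label, and keeps the features whose gain clears a threshold, reporting the feature-set reduction in the same terms the paper uses. The feature names, the `min_gain` threshold and the sample names are assumptions of this example; numeric features are binarised at the best midpoint threshold, which is one common way to apply information gain to continuous values and not necessarily the paper's discretisation.

```python
import math
from collections import Counter

# Constructed sample: (query name, label). 1 = botnet-style (DGA-like) name,
# 0 = benign. Made-up examples for illustration, not rows from TI-2016.
SAMPLE_QUERIES = [
    ("www.google.com", 0), ("mail.example.org", 0), ("cdn.wikipedia.org", 0),
    ("github.com", 0), ("news.bbc.com", 0), ("login.microsoft.com", 0),
    ("ftp.debian.org", 0), ("1password.com", 0),
    ("xk3j9q2l.info", 1), ("ns1.p0q7w5e2r9t4.biz", 1), ("a8s7d6f5g4h3.ru", 1),
    ("zxqvbnmk.com", 1), ("9f8e7d6c5b4a.xyz", 1), ("cdn.qwe4rty5uio6.cc", 1),
    ("hjkwrtyplmnb.net", 1), ("y7u3i9.org", 1),
]

# Hypothetical feature set chosen for this example.
NUMERIC = ("sld_length", "sld_entropy", "digit_ratio", "label_count")
CATEGORICAL = ("tld",)


def entropy(items):
    """Shannon entropy (bits) of the empirical distribution of `items`."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values())


def extract_features(qname):
    """Lexical features of one query name. The registrable label is taken as
    the second label from the right; this naive rule misfires on public
    suffixes such as co.uk, which a real pipeline resolves with the PSL."""
    labels = qname.lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return {
        "sld_length": len(sld),
        "sld_entropy": round(entropy(sld), 3),
        "digit_ratio": round(sum(ch.isdigit() for ch in sld) / max(len(sld), 1), 3),
        "label_count": len(labels),
        "tld": labels[-1],
    }


def information_gain(values, labels, numeric):
    """IG(label; feature). Categorical features split on each distinct value.
    Numeric features are binarised at the midpoint threshold (between adjacent
    distinct values) that maximises IG, so a continuous feature is not
    rewarded merely for taking a different value on every row."""
    n = len(labels)
    base = entropy(labels)

    def gain(groups):
        return base - sum(len(g) / n * entropy(g) for g in groups.values())

    if not numeric:
        groups = {}
        for v, y in zip(values, labels):
            groups.setdefault(v, []).append(y)
        return gain(groups)
    distinct = sorted(set(values))
    best = 0.0
    for lo, hi in zip(distinct, distinct[1:]):
        thr = (lo + hi) / 2
        groups = {False: [], True: []}
        for v, y in zip(values, labels):
            groups[v > thr].append(y)
        best = max(best, gain(groups))
    return best


def rank_features(rows, labels):
    """Return {feature: IG} for every extracted feature."""
    return {f: information_gain([r[f] for r in rows], labels, f in NUMERIC)
            for f in NUMERIC + CATEGORICAL}


def select_features(scores, min_gain=0.5):
    """Keep features whose IG reaches `min_gain` (highest first) and report the
    relative reduction of the feature set, the figure the abstract quotes."""
    kept = sorted((f for f, s in scores.items() if s >= min_gain),
                  key=lambda f: -scores[f])
    return kept, 1 - len(kept) / len(scores)


if __name__ == "__main__":
    rows = [extract_features(q) for q, _ in SAMPLE_QUERIES]
    y = [lab for _, lab in SAMPLE_QUERIES]
    scores = rank_features(rows, y)
    for f, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{f:12s} IG={s:.3f}")
    kept, reduction = select_features(scores)
    print("kept:", kept, f"reduction={reduction:.0%}")
```

On this constructed sample the entropy of the registrable label scores highest, and the default threshold keeps three of five features (a 40% reduction; the 60% in the abstract is the paper's result on its own feature set). One caveat to carry into a real pipeline: the `tld` feature scores almost as well as `digit_ratio` largely because six of the botnet TLDs occur exactly once, and information gain rewards such high-cardinality categorical features for purity that would not survive on unseen data. Gain ratio, or a minimum per-value support, is the usual correction.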
Related papers
- MONDEO: Multistage Botnet Detection [2.259031129687683]
MONDEO is a multistage mechanism to detect DNS-based botnet malware.
It comprises four detection stages: Blacklisting/Whitelisting, Query rate analysis, DGA analysis, and Machine learning evaluation.
MONDEO was tested against several datasets to measure its efficiency and performance.
arXiv Detail & Related papers (2023-08-31T09:12:30Z)
- Bayesian Hyperparameter Optimization for Deep Neural Network-Based Network Intrusion Detection [2.304713283039168]
Deep neural networks (DNN) have been successfully applied to intrusion detection problems.
This paper proposes a novel Bayesian optimization-based framework for the automatic optimization of hyperparameters.
We show that the proposed framework demonstrates significantly higher intrusion detection performance than the random search optimization-based approach.
arXiv Detail & Related papers (2022-07-07T20:08:38Z)
- Learning from Images: Proactive Caching with Parallel Convolutional Neural Networks [94.85780721466816]
A novel framework for proactive caching is proposed in this paper.
It combines model-based optimization with data-driven techniques by transforming an optimization problem into a grayscale image.
Numerical results show that the proposed scheme reduces computation time by 71.6% with only 0.8% additional performance cost.
arXiv Detail & Related papers (2021-08-15T21:32:47Z)
- Multi-Source Domain Adaptation for Object Detection [52.87890831055648]
We propose a unified Faster R-CNN based framework, termed Divide-and-Merge Spindle Network (DMSN).
DMSN can simultaneously enhance domain invariance and preserve discriminative power.
We develop a novel pseudo learning algorithm to approximate optimal parameters of the pseudo target subset.
arXiv Detail & Related papers (2021-06-30T03:17:20Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing the Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low false-alarm rate, and recall.
arXiv Detail & Related papers (2020-08-05T19:29:35Z)
- Ensemble-based Feature Selection and Classification Model for DNS Typo-squatting Detection [5.785697934050654]
Typo-squatting refers to the registration of a domain name that is extremely similar to that of an existing popular brand.
This paper proposes an ensemble-based feature selection and bagging classification model to detect DNS typo-squatting attacks.
arXiv Detail & Related papers (2020-06-08T14:07:19Z)
- RAIN: A Simple Approach for Robust and Accurate Image Classification Networks [156.09526491791772]
It has been shown that the majority of existing adversarial defense methods achieve robustness at the cost of sacrificing prediction accuracy.
This paper proposes a novel preprocessing framework, which we term Robust and Accurate Image classificatioN (RAIN).
RAIN applies randomization over inputs to break the ties between the model's forward prediction path and the backward gradient path, thus improving the model's robustness.
We conduct extensive experiments on the STL10 and ImageNet datasets to verify the effectiveness of RAIN against various types of adversarial attacks.
arXiv Detail & Related papers (2020-04-24T02:03:56Z)
- Botnet Detection Using Recurrent Variational Autoencoder [4.486436314247216]
Botnets are increasingly used by malicious actors, creating an increasing threat to a large number of internet users.
We propose a novel machine learning based method, named Recurrent Variational Autoencoder (RVAE), for detecting botnets.
Tests show RVAE is able to detect botnets with the same accuracy as the best known results published in the literature.
arXiv Detail & Related papers (2020-04-01T05:03:34Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source of many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z)
- CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
arXiv Detail & Related papers (2020-02-03T14:49:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.