Open Access
ARTICLE
Automatic Botnet Attack Identification Based on Machine Learning
1 Jiangsu Police Institute, Nanjing, 210000, China
2 Public Security Department of Jiangsu Province, Nanjing, 210000, China
3 The University of Adelaide, Adelaide, 5005, SA, Australia
* Corresponding Author: Jie Xu. Email:
Computers, Materials & Continua 2022, 73(2), 3847-3860. https://doi.org/10.32604/cmc.2022.029969
Received 15 March 2022; Accepted 26 April 2022; Issue published 16 June 2022
Abstract
At present, the severe network security situation has put forward high requirements for network security defense technology. In order to automate botnet threat warning, this paper researches the types and characteristics of Botnet. Botnet has special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. The attack features are extracted from the labeled attack data, and then use K-means for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network attacks is realized based on these characteristics. At the same time, based on the collection and attribute extraction of Botnet attack data, this paper uses RF, GBM, XGBOOST and other machine learning models to test the warning results, and automatically analyzes the attack by importing attack data. In the early warning analysis results, the accuracy rates of different models are obtained. Through the descriptive values of the three accuracy rates of Accuracy, Precision, and F1_Score, the early warning effect of each model can be comprehensively displayed. Among the five algorithms used in this paper, three have an accuracy rate of over 90%. The three models with the highest accuracy are used in the early warning model. The research shows that cyberattacks can be accurately predicted. When this technology is applied to the protection system, accurate early warning can be given before a network attack is launched.Keywords
Cite This Article
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.