Vol.73, No.2, 2022, pp.3847-3860, doi:10.32604/cmc.2022.029969
Automatic Botnet Attack Identification Based on Machine Learning
  • Peng Hui Li1, Jie Xu1,*, Zhong Yi Xu1, Su Chen1, Bo Wei Niu2, Jie Yin1, Xiao Feng Sun1, Hao Liang Lan1, Lu Lu Chen3
1 Jiangsu Police Institute, Nanjing, 210000, China
2 Public Security Department of Jiangsu Province, Nanjing, 210000, China
3 The University of Adelaide, Adelaide, 5005, SA, Australia
* Corresponding Author: Jie Xu. Email:
Received 15 March 2022; Accepted 26 April 2022; Issue published 16 June 2022
At present, the severe network security situation has put forward high requirements for network security defense technology. In order to automate botnet threat warning, this paper researches the types and characteristics of Botnet. Botnet has special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. The attack features are extracted from the labeled attack data, and then use K-means for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network attacks is realized based on these characteristics. At the same time, based on the collection and attribute extraction of Botnet attack data, this paper uses RF, GBM, XGBOOST and other machine learning models to test the warning results, and automatically analyzes the attack by importing attack data. In the early warning analysis results, the accuracy rates of different models are obtained. Through the descriptive values of the three accuracy rates of Accuracy, Precision, and F1_Score, the early warning effect of each model can be comprehensively displayed. Among the five algorithms used in this paper, three have an accuracy rate of over 90%. The three models with the highest accuracy are used in the early warning model. The research shows that cyberattacks can be accurately predicted. When this technology is applied to the protection system, accurate early warning can be given before a network attack is launched.
Honeypot; log; network attack; machine learning
Cite This Article
P. Hui Li, J. Xu, Z. Yi Xu, S. Chen, B. Wei Niu et al., "Automatic botnet attack identification based on machine learning," Computers, Materials & Continua, vol. 73, no.2, pp. 3847–3860, 2022.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.