IoT-Cloud Assisted Botnet Detection Using Rat Swarm Optimizer with Deep Learning
1 Department of Computer Science, College of Computing and Information Technology, Shaqra University, Shaqra, Saudi Arabia
2 Department of Information Systems, College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, P.O. Box 84428, Riyadh, 11671, Saudi Arabia
3 Department of Information Systems, College of Computer Science, Center of Artificial Intelligence, Unit of Cybersecurity, King Khalid University, Abha, Saudi Arabia
4 Department of Industrial Engineering, College of Engineering at Alqunfudah, Umm Al-Qura University, Saudi Arabia
5 Department of Information Systems, College of Computer Science, King Khalid University, Abha, Saudi Arabia
6 Department of Information Technology, College of Computers and Information Technology, Taif University, Taif P.O. Box 11099, Taif, 21944, Saudi Arabia
7 Department of Mechanical Engineering, Faculty of Engineering and Technology, Future University in Egypt, New Cairo, 11835, Egypt
8 Department of Computer Science, College of Sciences and Humanities-Aflaj, Prince Sattam bin Abdulaziz University, Saudi Arabia
* Corresponding Author: Mesfer Al Duhayyim. Email:
Computers, Materials & Continua 2023, 74(2), 3085-3100. https://doi.org/10.32604/cmc.2023.032972
Received 03 June 2022; Accepted 05 July 2022; Issue published 31 October 2022
AbstractNowadays, Internet of Things (IoT) has penetrated all facets of human life while on the other hand, IoT devices are heavily prone to cyberattacks. It has become important to develop an accurate system that can detect malicious attacks on IoT environments in order to mitigate security risks. Botnet is one of the dreadful malicious entities that has affected many users for the past few decades. It is challenging to recognize Botnet since it has excellent carrying and hidden capacities. Various approaches have been employed to identify the source of Botnet at earlier stages. Machine Learning (ML) and Deep Learning (DL) techniques are developed based on heavy influence from Botnet detection methodology. In spite of this, it is still a challenging task to detect Botnet at early stages due to low number of features accessible from Botnet dataset. The current study devises IoT with Cloud Assisted Botnet Detection and Classification utilizing Rat Swarm Optimizer with Deep Learning (BDC-RSODL) model. The presented BDC-RSODL model includes a series of processes like pre-processing, feature subset selection, classification, and parameter tuning. Initially, the network data is pre-processed to make it compatible for further processing. Besides, RSO algorithm is exploited for effective selection of subset of features. Additionally, Long Short Term Memory (LSTM) algorithm is utilized for both identification and classification of botnets. Finally, Sine Cosine Algorithm (SCA) is executed for fine-tuning the hyperparameters related to LSTM model. In order to validate the promising performance of BDC-RSODL system, a comprehensive comparison analysis was conducted. The obtained results confirmed the supremacy of BDC-RSODL model over recent approaches.
Internet of Things (IoT) is a paradigm in which billions of intelligent devices are interconnected with each other and are capable of communicating through internet . In recent years, several machines are embedded every day with sensors and there is a tremendous increase can be observed upon communication through internet. As per the paper published in IoT Business News, there is a drastic growth experienced in the number of devices getting interconnected with IoT world. The number is expected to grow up to 24.1 billion by 2030 . ITU Telecommunication Standardization Sector (ITUT) described IoT as a worldwide system that comprises of connected device in accordance to information and communication technology . There is a bigger stream of information exists amidst the connected devices and security is one of the key challenges in IoT . To guarantee the security of IoT network and devices associated with it, appropriate privacy requirements should be met at early stages of design, development and deployment of IoT devices [5,6]. Since IoT model is an emerging phenomenon, it still lacks a strong security mechanism or infrastructure which remains a threat to beneficial data. Current security strategies should be approved for IoT systems to retain the safety of individuals, IoT entities, and organizations . The main security problem in IoT is botnet-based distributed denial of service (DDoS) attacks in which the hacker infects the device with script .
At present, Artificial Intelligence (AI) algorithm is utilized for the detection of IoT attacks with high accuracy [9,10]. AI technology has the capability of detecting the variance in methods and channels of attack. This is the major problem confronted by security solutions when it comes to dealing with IoT attacks: attackers introduce slight modifications from the preceding attack which makes the security solution incapable of identifying the threat [11,12]. Researchers and developers utilize AI technology to prevent other risks to the IoT environment by examining system traffic [13,14]. Machine Learning (ML) and Deep Learning (DL) techniques have been converted into security systems to detect the attacks efficiently. DL is an evolution of AI that is contemporary to different real-time applications in order to handle complicated non-linear information.
Waqas et al.  inspected cyber security issues from the arrival of distributed denial of service (DDOS), and malware attacks. In this case, various ML techniques such as fuzzy classifier, random forest (RF), support vector machine (SVM), linear regression, Naïve Bayes (NB), decision tree (DT), k-nearest neighbor (KNN), adaptive boosting, tree ensemble, artificial neural network (ANN), and gradient boosting were applied for the recognition of botnet attack. In literature , an ensemble learning based approach in IoT (ELBA-IoT) was suggested for botnet attack recognition in IoT networks. This method categorizes the behavioral features of IoT and utilizes ensemble learning for the identification anomalous network traffic in compromised IoT gadgets. Moreover, IoT-related botnet detection technique evaluates three distinct ML methods that belong to DT approaches (RUSBoosted, bagged, and AdaBoosted).
In the study conducted earlier , a feature extraction technique was first devised with the help of effective payload from every network packet. Then, a feature selection (FS) technique was projected on the basis of trade-off and by comparing the length of the packets extracted and the trained performance of models. By selecting a rational sum of packets and a suitable length of bytes as feature vectors, a DL method was projected and assessed for botnet detection. In literature , a novel method was introduced to be used in the creation of novel Botnet dataset. This dataset creation is to recognize the anomalous activities in IoT systems. A flow-related Intrusion Detection System (IDS) was tested and examined with the help of flow-related features. Alzahrani et al.  suggested a powerful system that is helpful in the detection of botnet attacks on IoT gadgets. This system creatively compiled the convolutional neural network (CNN) with long short term memory (CNN-LSTM) method so as to detect two serious and common IoT assaults (Mirai and BASHLITE) on four different kinds of security cameras.
The current research study devises a model for IoT named Cloud Assisted Botnet Detection and Classification using Rat Swarm Optimizer with Deep Learning (BDC-RSODL) model. The presented BDC-RSODL model involves a series of processes like pre-processing, feature subset selection, classification, and parameter tuning. Primarily, the network data is pre-processed to make it compatible for further processing. Besides, RSO algorithm is exploited to effectively elect a subset of features. Furthermore, LSTM approach is utilized for identification and classification of botnets. Finally, Sine Cosine Algorithm (SCA) is applied to fine tune the hyperparameters related to LSTM model. In order to validate the promising performance of the proposed BDC-RSODL technique, a comprehensive comparison analysis was conducted and the results were discussed under different measures.
2 The Proposed Botnet Detection Model
In this study, an effective BDC-RSODL model has been devised for detection and classification of botnet from IoT cloud environment. The presented BDC-RSODL model includes a series of processes like pre-processing, feature subset selection, classification, and parameter tuning. Initially, the network data is pre-processed to make it compatible for further processing. Besides, RSO algorithm is exploited to effectively elect a subset of features. Moreover, SCA with LSTM model is utilized for identification and classification of botnets. Fig. 1 depicts the overall processes involved in BDC-RSODL algorithm.
2.1 Feature Selection Using RSO Algorithm
In this stage, RSO technique is exploited to effectively elect a subset of features. Both chasing and fighting nature of the rats has been arithmetically formulated to develop RSO technique. This technique is used in current study to carry out optimization . Usually, rats are social animals that chase the prey from groups using agonistic nature. In order to describe such behaviours, given that an optimum searching agent is acquaintance of the prey’s place.
Furthermore, the searching agents update their position with respect to optimum searching agents obtained until then. The subsequent formulation is used for the above mentioned scenario.
In Eq. (1), describes the location of the rat and indicates the optimal solution. Hence, A & C parameters are assessed using the formula given below.
Thus, R & C denote arbitrary numbers between [1, 5] and [0, 2]. The parameters A & C are accountable for optimum exploitation and exploration at the time of iteration. To arithmetically define the fighting process of rats with prey, Eq. (4) is used.
Consider denotes the upgraded position of a rat. It retains the optimum solution and upgrades the location of other searching agents based on the location of the optimum searching agent. The impact of Eqs. (1) and (4) occur in three dimensional environments. Here, the rat’s (A, B) position gets upgraded toward the position of prey . By adjusting the parameters as presented in Eqs. (2) and (3), numerous quantity of positions are accomplished with respect to existing place. On the other hand, this mechanism is expanded under n-dimensional environments. Then, both exploitation and exploration are ensured by transformed A and C parameter values. The suggested RSO methodology stores the finest solution with the smallest operator. The process followed for existing RSO technique is shown below. The steps and the flowchart of RSO are given herewith.
1. Start the rat population whereas .
2. Choose the initial variable of RSO, A, C, & .
3. Now, assess the fitness value of each searching agent.
4. The finest searching agent explores the searching region.
5. Upgrade the location of searching agent using Eq. (4).
6. Check whether the searching agent exceeds the boundary limits of searching region and then regulate it.
7. Also, assess the fitness value of the upgraded searching agent and upgrade the vector later so that there is an optimum solution present compared to early optimal solution.
8. End the procedure when end criteria are satisfied. Otherwise, return to Step 5.
9. Return the obtained optimum solution.
The fitness function of the RSO algorithm assumes classifier accuracy and the amount of chosen features. So, the subsequent FF is utilized in the evaluation of individual solutions as illustrated in Eq. (5).
Here, ErrorRate represents the classifier error rate that employs the chosen features. ErrorRate is computed as a percentage of incorrect classification to the amount of classifiers made and is formulated as a value between 0 and 1. (ErrorRate refers to the complement of classifier accuracy), denotes the number of chosen features and signifies the entire amount of attributes from original dataset. is utilized for controlling the significance of classifier quality and subset length. In this case, is set to be 0.9.
2.2 Botnet Detection Using LSTM Model
Next, LSTM model is utilized for identification and classification of botnet. Recurrent neural network (RNN) model consists of hidden, output, and input layers. Assume a sequence of length, , the RNN reads x from to , and computes the hidden layer and output by iterating the subsequent equation from to
Let and be the weights of input-hidden, hidden-hidden, and hidden-output whereas the sizes of input, hidden and output are represented by and n respectively. denotes the activation function that operates on every element. In general, the final output is applied as a classification feature to predict the labels, since it comprises of data for the entire data sequence, Owing to the outstanding modelling of data sequence, RNN accomplishes innovative performance on different tasks. LSTM network has three gates such as forget, input, and output gates, besides the cell states . Fig. 2 illustrates the infrastructure of LSTM. An input at present time step is integrated with data on Hidden Layer (HL) from the preceding time step, and is passed onto next step with activation function for input gate as follows.
whereas represents the forget gate. signifies the input at time step t and implies the HL at preceding time step, . denotes the weight of input layers and represents the recurrent weight of HLs. Here, stands for bias of the input layer. An input gate resolves that data is saved from cell state. Input gate performs two tasks i.e., during the primary task, the input gate layer resolves the upgraded value. But, during the secondary task, layer adjusts the network by generating the vector of every novel candidate value. The formulas for the two tasks are as follows.
The resultant gate selects the HLs that are utilized to predict, using a sigmoid activation function. A novel altered cell state is distributed to function and is multiplied to attain the outcome, as follows:
The weights are demonstrated by two matrixes, . The matrix denotes the input weights connected to input, HL, and output layers correspondingly, but represents the weight of preceding HL i.e., recurrent weight from input layer, HL, and output layer. The bias vectors are gathered and forms as a matrix , with the indices equivalent to similar layers.
2.3 Hyperparameter Tuning Using SCA
Finally, SCA is applied to fine tune the hyperparameters [22–24] related to LSTM model. The advantage of the proposed SCA algorithm is that one can achieve clear results and use simple parameters . The location update is defined by cosine or sine function as given below.
–refers to ith individual position in round of dimension;
-signifies the ith individual position in t round of j dimension,
—embodies the location of global optimum solution in the preceding t round;
-signifies the amplitude factor;
and variables are uniform distribution arbitrary integers. The variable defines the moving direction of . This direction is either between the space of and or outside it. Furthermore, determines the exploration and exploitation of the updating method. Here, determines how much move towards or away from . The variable describes the degree of influence of optimum solution on the existing solution . Here, stochastically denotes that the degree influence of X and Y must be weakened, or else it must be strengthened. The variable controls the switch between sine and cosine transforms.
The current section assesses the botnet classification outcomes of the proposed BDC-RSODL model using a dataset that is composed of 20,689 samples under two classes as depicted in Tab. 1.
Fig. 3 reports the set of confusion matrices generated by BDC-RSODL model on distinct test runs. On run-1, the proposed BDC-RSODL model categorized 2,530 samples under class 0 and 17,959 samples under class 1. Simultaneously, on run-3, BDC-RSODL approach recognized 2,533 samples as class 0 and 17,958 samples as class 1. Concurrently, on run-5, the proposed BDC-RSODL system classified 2,535 samples under class 0 and 17,961 samples under class 1.
Tab. 2 provides an overview of botnet classification performance achieved by BDC-RSODL model under distinct runs of execution.
Fig. 4 shows a brief results of the analysis attained by BDC-RSODL model in terms of and . On run-1, the proposed BDC-RSODL model achieved average and values such as 96.68% and 99.04% respectively. In line with this, on run-3, BDC-RSODL system obtained average and values such as 96.68% and 99.10% correspondingly. Moreover, on run-5, the proposed BDC-RSODL technique offered average and values such as 96.74% and 99.15% correspondingly.
Fig. 5 details about the analysis results accomplished by BDC-RSODL approach with respect to and . On run-1, the proposed BDC-RSODL methodology offered average and values such as 97.82% and 99.04% correspondingly. Likewise, on run-3, the proposed BDC-RSODL approach achieved average and values such as 97.85% and 99.10% correspondingly. Eventually, on run-5, BDC-RSODL system obtained average and values such as 97.90% and 99.15% correspondingly.
Training Accuracy (TA) and Validation Accuracy (VA) values, achieved by the proposed BDC-RSODL system on test dataset, are demonstrated in Fig. 6. The experimental outcomes expose that the proposed BDC-RSODL technique gained maximal TA and VA values. To be specific, VA performed higher than TA.
Training Loss (TL) and Validation Loss (VL) values, attained by BDC-RSODL approach on test dataset, are portrayed in Fig. 7. The experimental outcomes reveal that the proposed BDC-RSODL algorithm achieved minimal TL and VL values. To be specific, VL is lesser than TL.
A clear precision-recall examination was conducted upon BDC-RSODL approach using test dataset and the results are shown in Fig. 8. The figure reveals that the proposed BDC-RSODL algorithm achieved improved precision-recall values under all classes.
Tab. 3 shows the comparative analysis results achieved by BDC-RSODL model in terms of botnet classification performance . Fig. 9 shows the detailed inspection results attained by BDC-RSODL system and other existing models. The figure signifies that the host-based system achieved the least of 92.90%. Also, peer to peer botnet detection system (P2P-BDS) and MTC-CNN algorithms demonstrated somewhat increased values such as 94.50% and 95% respectively. Moreover, DT and fuzzy logic based artificial neural network (FL-ANN) models showcased reasonable values such as 97.90% and 98.94% respectively. But the proposed BDC-RSODL model accomplished the highest of 99.12%.
Fig. 10 is a brief portrayal of analysis results achieved by BDC-RSODL approach and other existing models. The figure represents that DT methodology achieved minimal of 94.94%. Simultaneously, P2P-BDS and host-based systems demonstrated somewhat superior values such as 95.61% and 95.34% correspondingly. Followed by, MTC-CNN and FL-ANN models showcased reasonable values such as 95.87% and 96.29% correspondingly. However, the proposed BDC-RSODL model accomplished a reasonable of 96.91%.
Fig. 11 depicts the detailed investigation outcomes of BDC-RSODL system and other existing approaches. The figure implies that DT system exhibited the least of 95.95%. Along with that, P2P-BDS and host-based models demonstrated somewhat maximal values such as 96.67% and 96.84% correspondingly. Furthermore, MTC-CNN and FL-ANN models showcased reasonable values such as 97.77% and 97.87% correspondingly. Eventually, the proposed BDC-RSODL method accomplished the highest value of 99.18%.
Fig. 12 is a brief portrays of analysis results achieved by the proposed BDC-RSODL system and other existing methodologies. The figure expose that P2P-BDS approach achieved a minimal of 94.66%. Similarly, DT and MTC-CNN methods demonstrated somewhat superior values such as 95.65% and 96.16% respectively. Besides, the host-based and FL-ANN models depicted reasonable values such as 96.59% and 97.08% correspondingly. At last, the proposed BDC-RSODL algorithm accomplished the maximum of 98%. Therefore, it is confirmed that the proposed BDC-RSODL approach is effective in botnet classification compared to other existing models.
In this study, an effective BDC-RSODL model has been devised for detection and classification of botnet from IoT cloud environment. The presented BDC-RSODL model includes a series of processes like pre-processing, feature subset selection, classification, and parameter tuning. Initially, the network data is pre-processed to make it compatible for further processing. Besides, RSO algorithm is exploited to effectively elect a subset of features. Moreover, LSTM model is utilized for identification and classification of botnets. Finally, SCA is applied to fine tune the hyperparameters related to LSTM model. In order to validate the promising performance of the proposed BDC-RSODL system, a comprehensive comparative analysis was conducted. The results obtained confirmed the supremacy of the proposed BDC-RSODL model over recent approaches. In future, the performance of the proposed model can be improved by feature reduction models.
Funding Statement: The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work through Large Groups Project under grant number (61/43). Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2022R319), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: (22UQU4340237DSR27). The author would like to thank the Deanship of Scientific Research at Shaqra University for supporting this work.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
- X. Dong, J. Hu and Y. Cui, “Overview of botnet detection based on machine learning,” in 2018 3rd Int. Conf. on Mechanical, Control and Computer Engineering (ICMCCE), Huhhot, pp. 476–479, 2018.
- W. Ahmad, A. Rasool, A. R. Javed, T. Baker and Z. Jalil, “Cyber security in IoT-based cloud computing: A comprehensive survey,” Electronics, vol. 11, no. 1, pp. 16, 2021.
- V. Kanimozhi and T. Jacob, “Artificial intelligence based network intrusion detection with hyper-parameter optimization tuning on the realistic cyber dataset cse-cic-ids2018 using cloud computing,” ICT Express, vol. 5, no. 3, pp. 211–214, 2019.
- S. A. Sokolov, T. B. Iliev and I. S. Stoyanov, “Analysis of cybersecurity threats in cloud applications using deep learning techniques,” in 2019 42nd Int. Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia, pp. 441–446, 2019.
- L. Seungjin, A. Abdullah and N. Jhanjhi, “A review on honeypot-based botnet detection models for smart factory,” International Journal of Advanced Computer Science and Applications, vol. 11, no. 6, pp. 418–435, 2020.
- A. M. Hilal, H. Alsolai, F. N. Al-Wesabi, M. K. Nour, A. Motwakel et al., “Fuzzy cognitive maps with bird swarm intelligence optimization-based remote sensing image classification,” Computational Intelligence and Neuroscience, vol. 2022, pp. 1–12, 2022.
- T. Tuan, H. Long, L. Son, R. Kumar, I. Priyadarshini et al., “Performance evaluation of botnet DDoS attack detection using machine learning,” Evolutionary Intelligence, vol. 13, no. 2, pp. 283–294, 2019.
- I. Abunadi, M. M. Althobaiti, F. N. Al-Wesabi, A. M. Hilal, M. Medani et al., “Federated learning with blockchain assisted image classification for clustered UAV networks,” Computers, Materials & Continua, vol. 72, no. 1, pp. 1195–1212, 2022.
- M. Wazzan, D. Algazzawi, O. Bamasaq, A. Albeshri and L. Cheng, “Internet of things botnet detection approaches: Analysis and recommendations for future research,” Applied Sciences, vol. 11, no. 12, pp. 5713, 2021.
- M. A. Alohali, F. N. Al-Wesabi, A. M. Hilal, S. Goel, D. Gupta et al., “Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment,” Cognitive Neurodynamics, 2022, https://doi.org/1007/s11571-022-09780-8.
- N. Koroniotis, N. Moustafa, E. Sitnikova and B. Turnbull, “Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-IoT dataset,” Future Generation Computer Systems, vol. 100, pp. 779–796, 2019.
- A. M. Hilal, M. A. Alohali, F. N. Al-Wesabi, N. Nemri, J. Hasan et al., “Enhancing quality of experience in mobile edge computing using deep learning based data offloading and cyberattack detection technique,” Cluster Computing, 2021. https://doi.org/10.1007/s10586-021-03401-5.
- M. Roopak, G. Y. Tian and J. Chambers, “Deep learning models for cyber security in IoT networks,” in 2019 IEEE 9th Annual Computing and Communication Workshop and Conf. (CCWC), Las Vegas, NV, USA, pp. 0452–0457, 2019.
- B. Padmavathi and B. Muthukumar, “An efficient botnet detection approach based on feature learning and classification,” Journal of Control and Decision, pp. 1–14, 2022, https://doi.org/10.1080/23307706.2022.2077246.
- M. Waqas, K. Kumar, A. A. Laghari, U. Saeed, M. M. Rind et al., “Botnet attack detection in internet of things devices over cloud environment via machine learning,” Concurrency and Computation: Practice and Experience, vol. 34, no. 4, pp. e6662, 2022.
- Q. A. A. Haija and M. A. Dala’ien, “ELBA-IoT: An ensemble learning model for botnet attack detection in IoT networks,” Journal of Sensor and Actuator Networks, vol. 11, no. 1, pp. 18, 2022.
- C. Li, Y. Zhang, W. Wang, Z. Liao and F. Feng, “Botnet detection with deep neural networks using feature fusion,” in 2022 Int. Seminar on Computer Science and Engineering Technology (SCSET), Indianapolis, IN, USA, pp. 255–258, 2022.
- I. Ullah and Q. H. Mahmoud, “A technique for generating a botnet dataset for anomalous activity detection in IoT networks,” in 2020 IEEE Int. Conf. on Systems, Man, and Cybernetics (SMC), Toronto, ON, Canada, pp. 134–140, 2020.
- M. Y. Alzahrani and A. M. Bamhdi, “Hybrid deep-learning model to detect botnet attacks over internet of things environments,” Soft Computing, 2022, https://doi.org/10.1007/s00500-022-06750-4.
- G. Dhiman, M. Garg, A. Nagar, V. Kumar and M. Dehghani, “A novel algorithm for global optimization: Rat swarm optimizer,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 8, pp. 8457–8482, 2021.
- R. A. Shabandar, A. Jaddoa, P. Liatsis and A. J. Hussain, “A deep gated recurrent neural network for petroleum production forecasting,” Machine Learning with Applications, vol. 3, pp. 100013, 20
- A. Muthumari, J. Banumathi, S. Rajasekaran, P. Vijayakarthik, K. Shankar et al., “High security for de-duplicated big data using optimal simon cipher,” Computers, Materials & Continua, vol. 67, no. 2, pp. 1863–1879, 2021.
- G. N. Nguyen, N. H. L. Viet, M. Elhoseny, K. Shankar, B. B. Gupta et al., “Secure blockchain enabled cyber-physical systems in healthcare using deep belief network with ResNet model,” Journal of Parallel and Distributed Computing, vol. 153, pp. 150–160, 2021.
- M. Elhoseny, M. M. Selim and K. Shankar, “Optimal deep learning based convolution neural network for digital forensics face sketch synthesis in internet of things (IoT),” International Journal of Machine Learning and Cybernetics, vol. 12, no. 11, pp. 3249–3260, 2021.
- M. A. Elaziz, D. Oliva and S. Xiong, “An improved opposition-based sine cosine algorithm for global optimization,” Expert Systems with Applications, vol. 90, pp. 484–500, 2017.
- C. Joshi, R. Ranjan and V. Bharti, “A fuzzy logic based feature engineering approach for botnet detection using ANN,” Journal of King Saud University-Computer and Information Sciences, 2021, https://doi.org/10.1016/j.jksuci.2021.06.018.