Development of a Botnet Management Model for Cyber Security Networks using Machine Learning Algorithm
Abstract
The negative effects of botnets on cyberspace cannot be overemphasized. A botnet is a group of compromised computer systems connected to a central controller called a botmaster, who manipulates the bots through command and control (C&C) channels. Internet-connected devices are prone to botnet infection, especially when users visit unknown sites, click unknown links, or download free software online. Botnets are continuously used to perform malicious activities on the internet without the knowledge of the true owners of the infected systems, and botmasters keep developing new botnet toolkits that use encryption; it has therefore become necessary to apply advanced techniques such as machine learning algorithms to detect and manage botnets. This paper presents a botnet management model for analyzing and detecting botnet traffic in a network. The model was implemented using an anomaly-based detection technique with NetFlow data collection. Three machine learning algorithms, Decision Tree Classifier, Logistic Regression and K-Nearest Neighbors, were implemented to classify the network traffic and find clusters of flows sharing similar timing and packet-size characteristics. Wireshark and the Python programming language with its libraries were among the tools used. The model captured, analyzed and classified both encrypted and unencrypted traffic: the Decision Tree Classifier gave the highest accuracy, up to 99%, in classifying botnet traffic, while the Logistic Regression Classifier and K-Nearest Neighbors each gave 96% accuracy. The results show that the new model was able to classify and detect unknown botnets and encrypted C&C channels, which helped to identify systems on the network that were part of a botnet.
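As an added example (not the paper's own code), the flow-feature and classification step described above, using a from-scratch K-Nearest Neighbors classifier over per-host-pair timing and packet-size features derived from NetFlow-style records; the flow records, host addresses and the small labelled training set are all constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed NetFlow-style records (not real capture data):
# (start time in seconds, src, dst, packet count, byte count)
FLOWS = [
    # host A contacts one server every 60 s with tiny, uniform flows (beacon-like)
    (0, "10.0.0.5", "203.0.113.9", 2, 120), (60, "10.0.0.5", "203.0.113.9", 2, 118),
    (120, "10.0.0.5", "203.0.113.9", 2, 121), (180, "10.0.0.5", "203.0.113.9", 2, 119),
    (240, "10.0.0.5", "203.0.113.9", 2, 120),
    # host B browses a site: irregular timing, variable packet sizes
    (3, "10.0.0.7", "198.51.100.4", 14, 9800), (41, "10.0.0.7", "198.51.100.4", 60, 70000),
    (44, "10.0.0.7", "198.51.100.4", 8, 3100), (190, "10.0.0.7", "198.51.100.4", 22, 18000),
]

# Constructed, hand-labelled feature vectors: (mean packet size, mean gap s, gap CV)
TRAIN = [
    ((60.0, 60.0, 0.02), "botnet"), ((58.0, 300.0, 0.05), "botnet"), ((64.0, 30.0, 0.10), "botnet"),
    ((700.0, 40.0, 0.90), "benign"), ((1100.0, 200.0, 1.30), "benign"), ((450.0, 15.0, 0.70), "benign"),
]

def flow_features(flows):
    """Group flows per (src, dst) and derive timing and packet-size features:
    mean packet size, mean inter-flow gap and the gap's coefficient of variation
    (a CV near 0 means the flows recur at a fixed interval)."""
    groups = defaultdict(list)
    for t, src, dst, pkts, byts in flows:
        groups[(src, dst)].append((t, pkts, byts))
    feats = {}
    for key, rows in groups.items():
        rows.sort()
        sizes = [b / p for _, p, b in rows]
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])] or [0.0]
        mean_gap = sum(gaps) / len(gaps)
        sd_gap = math.sqrt(sum((g - mean_gap) ** 2 for g in gaps) / len(gaps))
        feats[key] = (sum(sizes) / len(sizes), mean_gap, sd_gap / mean_gap if mean_gap else 0.0)
    return feats

def knn_predict(x, train=TRAIN, k=3):
    """Majority vote among the k nearest training vectors after min-max scaling
    each feature to the training range, so packet size does not dominate."""
    lo = [min(v[i] for v, _ in train) for i in range(3)]
    hi = [max(v[i] for v, _ in train) for i in range(3)]
    norm = lambda v: [(v[i] - lo[i]) / (hi[i] - lo[i] or 1.0) for i in range(3)]
    xn = norm(x)
    ranked = sorted(train, key=lambda tv: math.dist(norm(tv[0]), xn))[:k]
    votes = defaultdict(int)
    for _, label in ranked:
        votes[label] += 1
    return max(votes, key=votes.get)

def classify_flows(flows):
    """Label every (src, dst) pair seen in the flow records."""
    return {key: knn_predict(vec) for key, vec in flow_features(flows).items()}
```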