Flow Based Botnet Traffic Detection Using Machine Learning

A botnet is a network of infected bots that works independently under the control of a Botmaster, which issues commands to bots using command and control server. Over time botnet architectures have been become advanced to evade the detection and disruption. Botnets are used by cybercriminal attackers for performing an unwanted activity for personal advantages like performing DDOS attack, theft of bank related information like id, password, and other harmful activities through the network, which might be a great loss for the society. In this paper, a supervised machine learning classification is used to classify the flow based botnet traffic using network flow dataset. The proposed model is able to distinguish botnet traffic from normal traffic with an accuracy of 99.94% using the J48 decision tree machine learning algorithm. The result of the proposed algorithm is efficient to be implemented in real time scenario.