Data driven approach to identify a flow-based Botnet Host using Deep Learning

Aniket Mishra, I. Bharathi
Published in: 2023 International Conference on Advancement in Computation & Computer Technologies (InCACCT)
Publication date: 2023-05-05
DOI: https://doi.org/10.1109/InCACCT57535.2023.10141698

Abstract

The internet’s technological advancements exposed the globe to its weaknesses as well. The risk of exploitation has also increased as a result of larger network cores cooperating to combat cyber threats, which continue to be a severe problem for the entire world. Recurrent Neural Network (RNN)-based deep learning techniques have recently advanced to new levels in a variety of fields and applications. The risk of forged accounts is greater than ever thanks to increased network use and traffic. Identifying a malicious host on the internet has always been a challenge from the development perspective. The job of binary classification to label a host as a botnet has not made any significant progress, and thus the internet still faces the issue of botnets taking over many active and important connections, exploiting the network, controlling compromised hosts to spam other hosts on the network, launching DDoS attacks and more. This paper attempts to provide a novel approach for evolving the comprehensive framework for controlling botnet host prediction and uses them to handle real-time cases. To attain greater recognition accuracy, we use a Gated Recurrent Unit (GRU) as a hybrid Recurrent Neural Network (RNN) model. We take an evolving time series input from a network station for several days which depicts data flow, i.e., the count of connections from different devices recognized by their IPs, and these features from the IP flow are used to provide the capability to recognize a host on a network as a potential threat. Threat detection of such botnets is important not only from the perspective of stopping them but also to find significant insights about the targeted attack to understand future trends and make the networks persistent against them.