Botnet Detection in Network System Through Hybrid Low Variance Filter, Correlation Filter and Supervised Mining Process
Ferry Astika Saputra, Muhammad Fajar Masputra, I. Syarif, K. Ramli
Published in: 2018 Thirteenth International Conference on Digital Information Management (ICDIM)
Publication date: 2018-09-01
DOI: 10.1109/ICDIM.2018.8847076 (https://doi.org/10.1109/ICDIM.2018.8847076)
Citations: 5
Abstract
To date, malware caused by botnet activities is one of the most serious cybersecurity threats faced by internet communities. Researchers have proposed data-mining-based IDS as an alternative solution to misuse-based IDS and anomaly-based IDS to detect botnet activities. In this paper, we propose a new method that improves IDS performance to detect botnets. Our method combines two statistical methods, namely low variance filter and Pearson correlation filter, in the feature-selection process. To prove our method can increase the performance of a data-mining-based IDS, we use accuracy and computational time as parameters. A benchmark intrusion dataset (ISCX2017) is used to evaluate our work. Thus, our method reduces the number of features to be processed by the IDS from 77 to 15. Although the number of features decreases, it does not significantly change the accuracy. The computational time is decreased from 71 seconds to 5.6 seconds.