Title: On Feature Selection Algorithms for Effective Botnet Detection
Authors: Meher Afroz, Muntaka Ibnath, Ashikur Rahman, Jakia Sultana, Raqeebir Rab
DOI: 10.1007/s10922-024-09817-9 (https://doi.org/10.1007/s10922-024-09817-9)
Journal: Journal of Network and Systems Management
Volume: 25 1
Publication date: 2024-04-14
Publication type: Journal Article
Impact factor: 4.1
JCR: Q1, Computer Science, Information Systems
Region: 3 (Computer Science)
Open access: no
Platform: Semantic Scholar
Citations: 0
Abstract
The threat of botnets is a growing concern, with more computers being infected every day. Although botnets can be detected from their behavioral patterns, it is becoming harder to distinguish malicious traffic from legitimate traffic, because as technology advances, malicious traffic increasingly follows the same behavioral patterns as benign traffic. Detecting malicious traffic depends largely on the traffic features that are fed into the detection process. Selecting the best features for effective botnet detection is the main contribution of this paper. First, we show the impact of different features on the botnet detection process. Then we propose several heuristics to select the best features from a handful of candidate features. Some of the proposed heuristics are purely feature-based and some are group-based, and they therefore reach different accuracy levels. We also analyze the time complexity of each heuristic and provide a detailed performance analysis. Because evaluating all combinations of a large number of features is not feasible, some heuristics group the features by the similarity of their patterns and check all combinations only within groups containing a small number of features, which improves the time complexity by a large margin. Through experiments we show the efficacy of the proposed feature selection heuristics. The results show that some heuristics outperform state-of-the-art feature selection algorithms.
Journal description:
Journal of Network and Systems Management features peer-reviewed original research, as well as case studies, in the fields of network and system management. The journal regularly disseminates significant new information on both the telecommunications and computing aspects of these fields, as well as their evolution and emerging integration. This outstanding quarterly covers architecture, analysis, design, software, standards, and migration issues related to the operation, management, and control of distributed systems and communication networks for voice, data, video, and networked computing.