An Encompassing Literature Review on Predicting Botnet Attacks in Web using Machine Learning Approaches

Sl. No

Year of publication

Project Titles

Description

2023 [1]

Botnet Attack Detection in IoT Networks using CNN and LSTM

To address IoT device security against botnet attacks, employ dimensionality reduction techniques such as PCA and autoencoder on the Bot-IoT dataset. These methods reduce feature dimensions, enabling the use of memory-efficient DL algorithms like LSTM and CNN for botnet attack detection. Evaluate performance using metrics like accuracy, precision, recall, and confusion matrix.

2023[2]

A Hybrid Model for Botnet Detection using Machine Learning

A hybrid machine-learning model, integrating k-means, rule-based systems, and decision trees, was proposed for detecting botnet attacks in network traffic. Using the CTU-13 dataset and features from the Barnacles Mating Optimizer, the experiment achieved high accuracy (99%). This approach enhances robustness against various botnet attacks, with k-means, decision tree, and rule-based system exhibiting 99.32%, 99.11%, and 97.14% accuracy, respectively. Precision rates were 98.93%, 98.37%, and 95.93%, respectively.

2023[3]

Botnet Dataset Overview Using Statistical Approach Based on Time Gap Activity Analysis

This paper introduces a novel approach to detect botnet malware by analysing time gaps in botnet datasets using a statistical method. The proposed technique aims to determine optimal threshold values, with experimental results suggesting three thresholds—highest at 4,756s, lowest at 28.69s, and an average maximum time gap of 810.61s for effective separation of botnet, normal, and background activity.

2023[4]

Detecting and Mitigating Botnet Attacks in Software-Defined Networks Using Deep Learning Techniques

Software-Defined Networking (SDN) enables flexible network management but introduces security challenges. Addressing threats like DDoS attacks, this study employs Deep Learning (DL) in an SDN environment. Utilizing a self-generated dataset, feature weighting, and tuning, the study identifies a lightweight DL method. Results show CNN's superior performance with a 99% detection rate for normal flows and 97% for attacks.

2022[1]

Botnet Attack Intrusion Detection In IoT Enabled Automated Guided Vehicles

The 21st century thrives on the Internet of Things (IoT) and Automated Vehicles, streamlining tasks within seconds. IoT integrates devices, machines, and people to transfer data seamlessly. Automated Guided Vehicles (AGVs) rely on IoT networks, demanding robust security. This study advocates an intrusion prediction system using N-Balo dataset to foresee botnet attacks, enhancing AGV network reliability and security.

2022[2]

Machine Learning based IoT-BotNet Attack Detection Using Real-time Heterogeneous Data

IoT device security is a significant challenge, prompting exploration of machine learning algorithms for attack detection. This study assesses Logistic Regression, Gaussian Naive Bayes, Decision Trees, Random Forest, K-Nearest Neighbours, and Extreme Gradient Boosting for detecting malicious activity in IoT network traffic. Tree-based classifiers outperform LR and GNB, achieving 99% accuracy and a 0.99 Fl-score in binary classification, while multiclass results highlight DT, KNN, RF, and XGB with 98% accuracy and a 0.98 Fl-score. Feature reduction impact on accuracy and training time is also analysed.

2022[3]

AI-based botnet attack classification and detection in IoT devices.

Rising use of household IoT devices poses security risks, challenging traditional rule-based systems. AI offers a solution by employing machine learning and deep learning to detect and classify IoT botnets. Six ML and three DL models are evaluated, with the top performer implemented as an API for enhanced security against threats.

2021[1]

Machine learning for misuse-based network intrusion detection: Overview, unified evaluation and feature choice comparison framework

Advanced communication network security depends on the uses of Network Intrusion Detection Systems with Machine Learning and artificial intelligence present viable alternatives to the original hardcoding. In the face of a wide range of datasets and metrics available in the literature, our work introduces detection and identification scores and defines universal comparison standards. An algorithm implementation workflow that transforms raw packet flows into machine learning input. The demonstration promises real-time, low-cost deep learning with the raw-traffic characteristics by our results, which outperform the state of the art.

2021[2]

Intrusion detection based on sequential information preserving log embedding methods and anomaly detection algorithms

Previous methods for system intrusion detection have mainly consisted of those based on pattern matching that employs prior knowledge extracted from experts’ domain knowledge. However, pattern matching-based methods have a major drawback that it can be bypassed through various modified techniques. It proposed an end-to-end abnormal behaviour detection method based on sequential information preserving log embedding algorithms and machine learning-based anomaly detection algorithms.

2020[1]

Systematic literature review on iot-based botnet attack

The adoption of the Internet of Things (IoT) technology is expanding exponentially because of its capability to provide a better service. This technology has been successfully implemented on various devices. The growth of IoT devices is massive at present. various kind of attacks are possible due to this vulnerability, with IoT-based botnet attack being one of the most popular. In this study, we conducted a comprehensive systematic literature review on IoT-based botnet attacks. Existing state of the art in the area of study was presented and discussed in detail. A systematic methodology was adopted to ensure the coverage of all important studies. This methodology was detailed and repeatable.

2020[2]

Iot-flock: An open-source framework for iot traffic generation

The Internet of things (IoT) has emerged as a topic of intense interest among the research and industrial community as it has had a revolutionary impact on human life. The rapid growth of IoT technology has revolutionized human life by inaugurating the concept of smart devices, smart healthcare, smart industry, smart city, smart grid, among others. IoT devices’ security has become a serious concern nowadays, especially for the healthcare domain, where recent attacks exposed damaging IoT security vulnerabilities. Traditional network security solutions are well established. However, due to the resource constraint property of IoT devices and the distinct behaviour of IoT protocols, the existing security mechanisms cannot be deployed directly for securing the IoT devices and network from the cyber-attacks. To enhance the level of security for IoT, researchers need IoT-specific tools, methods, and datasets. To address the mentioned problem, we provide a framework for developing IoT context-aware security solutions to detect malicious traffic in IoT use cases. The proposed framework consists of a newly created, open-source IoT data generator tool named IoT-Flock.

2020[3]

Botnet fingerprinting: a frequency distributions scheme for lightweight bot detection

Efficient bot detection is vital for security, with recent methods replacing flow-based techniques with graph-based features. However, scalability challenges arise. Addressing this, BotFP simplifies communication graphs by analysing frequency distributions of protocol attributes. It characterizes host behaviour, learns through clustering or ML, and classifies hosts as benign or bots. Validated on the CTU-13 dataset, BotFP proves lightweight, scalable, and more accurate than existing techniques in handling large datasets.

2020[4]

Network flow based iot botnet attack detection using deep learning

Governments globally advocate for adva city applications to improve urban life. The rise in Internet of Things (IoT) devices contributes to a surge in botnet attacks. To cushion cybersecurity, this paper introduces a deep learning (DL) botnet detection system for smart cities. By transforming network traffic flows into connection records, the DL model advances in detecting attacks from compromised IoT devices, outperforming traditional machine learning models in extensive experiments on benchmark datasets.

2020[5]

Performance evaluation of botnet detection using deep learning techniques

Cybersecurity is seriously threatened by Botnets, which are controlled networks of compromised computers. The evolving techniques used by botnet operators make it difficult for traditional methods of botnet identification to stay up. Machine learning has become increasingly effective in recent years as a means of identifying and reducing these hazards. The CTU-13 dataset, a frequently used dataset in the field of cybersecurity, is used in this study to offer a machine learning-based method for botnet detection. The suggested methodology makes use of the CTU-13, which is made up of actual network traffic data that was recorded in a network environment that had been attacked by a botnet. Results from experiments show how well the machine learning based approach detects botnet with accuracy. It is potential for use in actual world is demonstrated by the suggested system’s high detection rates and low false.

2020[6]

Iot dos and ddos attack detection using resnet

Rising household adoption of IoT devices amplifies security risks like DoS and spoofing. Traditional rule-based systems struggle with diverse IoT devices. Addressing this, AI techniques leverage machine learning and deep learning algorithms to detect and classify IoT botnets. Six ML and three DL models are evaluated, with the top-performing model deployed as an API.

2020[7]

A hierarchical hybrid intrusion detection approach in iot scenarios

Implementing H2ID, a two-stage hierarchical Network Intrusion Detection system for IoT security. Leveraging a MultiModal Deep AutoEncoder for anomaly detection and soft-output classifiers for attack classification, H2ID outperforms baselines by reducing false positives by up to -40%. The system ensures efficiency, flexibility, and privacy preservation in IoT scenarios, requiring minimal re-training.

2020[8]

A survey on botnet detection techniques

The paper explores methods for detecting Botnets, malicious networks controlled by a Botmaster. It distinguishes between general bot and IoT-bot detection techniques, employing the UNSW-NB15 dataset. The proposed model utilizes a real-time IoT-Bot detection algorithm based on deep learning, with Wireshark capturing network traffic for analysis.

2020[9]

Detection of slow port scanning attacks

Port scanning attacks pose a significant challenge in cybersecurity. This study leveraged seven machine learning classifiers, employing principal component analysis to enhance results. XGBoost emerged as the most effective, boasting a remarkable 99.98% accuracy, no false positives, 99.99% precision, 99.98% recall, and a 99.99% area-under-curve, outperforming other classifiers and prior research.

2020[10]

Towards a universal features set for iot botnet attacks detection

IoT device vulnerabilities expose them to exploitation, enabling attackers to integrate them into botnets. These compromised devices are then utilized to orchestrate large-scale distributed denial of service (DDoS) attacks, rendering target websites or services unresponsive to legitimate users. Existing botnet detection techniques face limitations as their performance relies on specific training datasets, lacking adaptability across diverse attack patterns. This paper introduces a universal feature set designed to enhance botnet attack detection, demonstrating superior results across three distinct botnet attack datasets.

2019[1]

A botnet detection method on sdn using deep learning

Analysing malware traffic on a network, we employ deep learning to classify normal and malicious data, countering unknown threats unaddressed by rule-based antivirus software. By programming a software-defined network, we dynamically manage malware, preventing host detection and subsequent damage. Our approach includes adding an external connection block for network isolation, thwarting internal infections.Top of Form

2019[2]

Probe delay based adaptive port scanning for iot devices with private ip address behind net

We propose a DPDK-based scanner, leveraging advanced port scanning techniques for improved network security. Overcoming speed and accuracy limitations of traditional methods, our solution employs protocol-specific probes, evasive scans, and hardware acceleration. In experiments, it achieved a 2× speedup, 99.5% open port identification accuracy, and a 40% reduction in CPU and memory usage, enhancing network visibility and security.

2019[3]

Developing realistic distributed denial of service (ddos) attack dataset and taxonomy

Expanding internet services heightens the risk of cyber threats, particularly from increasingly complex Distributed Denial-of-Service (DDoS) attacks. This study introduces an efficient Long Short-Term Memory (LSTM) model for early detection of DDoS threats in network traffic packets. Trained on the CICDDoS2019 dataset, the LSTM model demonstrates a remarkable 98% accuracy, showcasing superior performance over traditional machine learning methods.

2018[1]

A method to detect internet of things botnets

This paper addresses IoT security challenges, focusing on unauthorized access. It examines prevalent botnet characteristics and proposes a logistic regression-based method for detecting compromised IoT devices within botnets. The model estimates the likelihood of a connected device being a bot. Additionally, the article lists network protocols used for unauthorized access and communication with command-and-control servers.

2018[2]

N-baiot—network-based detection of iot botnet attacks using deep autoencoders

The surge in vulnerable IoT devices has led to a rise in IoT-based botnet attacks. Addressing this, we introduce N-BaIoT, a novel network-based anomaly detection method for IoT. Utilizing deep autoencoders, it captures behaviour snapshots to swiftly identify and differentiate between short and prolonged IoT-based attacks. Tested on nine infected commercial IoT devices, including Mirai and BASHLITE botnets, our method consistently and promptly detected ongoing attacks.

2017[1]

Port scanning detection based on anomalies

The paper presents a machine-learning-based detection system for identifying reconnaissance attacks on IoT devices. With an explainable ensemble model, the system efficiently detects scanning and reconnaissance activities, offering a 99% accuracy. It boasts low false positive (0.6%) and false negative (0.05%) rates, ensuring effectiveness resource-constrained environments with minimal resource consumption.

2016[1]

Deep residual learning for image recognition

We introduce a residual learning framework to facilitate training substantially deeper neural networks, reformulating layers as residual functions with reference to inputs. Empirical evidence demonstrates improved optimization ease and accuracy gains from increased depth. Our 152-layer residual networks, 8× deeper than VGG nets, achieved a 3.57% error on ImageNet, winning 1st place in ILSVRC 2015. Additionally, our deep representations yielded a 28% relative improvement on COCO object detection.

2016[2]

Implementation and vulnerability test of stealth port scanning attacks using zmap of censys engine

Residual learning facilitates the training of deeper neural networks, surpassing prior limitations. By redefining layers as learning residual functions relative to inputs, we achieve up to 152-layer depth, outperforming VGG nets. Empirical evidence on ImageNet demonstrates enhanced optimization and accuracy, winning the ILSVRC 2015

classification task with a 3.57% error rate. The approach, showcased with 100 and 1000 layers on CIFAR-10, emphasizes the crucial role of representation depth. Notably, the deep residual networks contribute to a 28% improvement in COCO object detection, securing 1st places in ILSVRC & COCO 2015 competitions across various tasks.

2015[1]

Botnet Forensics Framework: Is Your System a Bot

Rising sophisticated cyber-attacks pose threats to network stability. Botnets, a focus of current research, orchestrate malicious activities by connecting compromised machines to a command-and-control server. This paper outlines botnet types, defines architectures, and introduces a framework for detecting and preventing their spread, safeguarding network security.

2015[2]

Botnet in DDoS Attacks: Trends and Challenges

The escalating threat of DDoS attacks stems from the rapid expansion of computer networks and software applications. Botnets, commonly utilized in internet crimes, pose a significant hazard, particularly in DDoS attacks, causing severe depletion of network resources. This survey provides a thorough examination of DDoS, encompassing causes, types, attack tools, botnet architectures, and associated research challenges.

2014[1]

A SDN-oriented DDoS blocking scheme for botnet-based attacks

This paper explores leveraging software-defined networks (SDN) to counter sophisticated DDoS attacks that target specific services with minimal, legitimate-looking traffic. The focus is on developing a DDoS blocking application operating on the SDN controller through the standard OpenFlow interface, offering an effective defence against large-scale botnet-driven attacks.

2013[1]

Survey on botnet: Its architecture, detection, prevention and mitigation

Botnets pose a significant cybersecurity threat to individuals, organizations, and governments. Crafted by adept hackers, these malicious networks challenge the IT community in detecting, preventing, and mitigating attacks. This paper explores the botnet life cycle, topologies, detection methods, and outlines essential measures for safeguarding against future botnet threats.

2013[2]

Botnets in 4G cellular networks: Platforms to launch DDoS attacks against the air interface

This paper reveals a vulnerability in the 4G LTE air interface, exposing it to Distributed Denial-of-Service (DDoS) attacks orchestrated by botnets. Simulations using an LTE simulator demonstrate that a botnet affecting only 3% of subscribers can significantly degrade voice quality, while at 6%, it can cause a complete outage. These findings highlight the need for enhanced security measures in telecommunication services.