Optimal Machine Learning Models for Kitsune to Detect Mirai Botnet Malware Attack

Abdullah Alabdulatif, Syed Sajjad Hussain Rizvi, Manzoor Ahmed Hashmani

Abstract

The network intrusion detection system (NIDS) plays a key role in detecting and mitigating botnet malware attacks. A plug-and-play NIDS, Kitsune, was proposed in the literature in 2018 as one of the best candidates. Kitsune's core algorithm, KitNET, uses an ensemble of artificial neural networks called autoencoders to classify legitimate and suspicious network traffic. Moreover, the Kitsune Network Attack dataset was donated to the UCI Machine Learning Repository in October 2019. The Kitsune study does not discuss how machine learning algorithms other than artificial neural networks perform at detecting Mirai botnet malware attacks. Moreover, the study reported performance only as true positive rate (TPR) and false-negative rate (FNR). In this paper, we propose that model selection should be a function of TPR, FNR, training accuracy, test accuracy, misclassification cost, prediction speed, and training time. This paper presents a comprehensive investigation for selecting the optimal machine learning model(s) for Kitsune, covering a large set of machine learning algorithms. Our study reveals that variants of tree algorithms, such as Simple Tree, Medium Tree, Coarse Tree, RUSBoosted, and Bagged Tree, show similar effectiveness but slight variation in efficiency. Finally, Coarse Tree won the comparison and is the best-suited algorithm for Mirai botnet malware attack detection.

 

 

Keywords: cybersecurity, malware, botnet attack, Kitsune, network intrusion detection.



