Optimal Machine Learning Models for Kitsune to Detect Mirai Botnet Malware Attack
Abstract
The network intrusion detection system (NIDS) is the key player in detecting and mitigating botnet malware attacks. A plug-and-play NIDS, Kitsune, was proposed in the literature in 2018 as one of the best candidates. Kitsune's core algorithm is KitNET, which is based on an ensemble of artificial neural networks called 'autoencoders' to classify legitimate and suspicious network traffic. Moreover, the Kitsune Network Attack dataset was donated to the UCI machine learning repository in October 2019. The study of Kitsune is found to be deficient in discussing the performance of machine learning algorithms other than artificial neural networks for Mirai botnet malware attack detection. Moreover, the study reported performance as true positive rate (TPR) and false-negative rate (FNR) only. In this paper, we propose that the selection of the model should be a function of TPR, FNR, training accuracy, test accuracy, misclassification cost, prediction speed, and training time. This paper presents a comprehensive investigation for selecting the optimal machine learning model(s) for Kitsune. In this investigation, a large set of machine learning algorithms was selected. Our study reveals that the variants of tree algorithms, such as Simple Tree, Medium Tree, Coarse Tree, RUSBoosted, and Bagged Tree, reported similar effectiveness but with slight variation in efficiency. Finally, Coarse Tree won the competition and is the best-suited algorithm for Mirai botnet malware attack detection.
Keywords: cybersecurity, malware, botnet attack, Kitsune, network intrusion detection.