Authors - Abdul Razzak R Yergatti, Prajwal Shiggavi, Mohammed Azharuddin, Suneeta V Boodihal Abstract - Traditional defense solutions like intrusion detection and thorough packet inspection are not so accurate. These techniques include signature-based detection, which uses known patterns, and heuristic or behavioral analysis, which evaluates program behavior to detect suspect activities. The demand for more advanced and continuously innovative methods to combat malware, botnets, and other malicious activities is urgent. Machine Learning (ML) emerged as a promising approach due to increasing computing power and reduced costs, offering potential as either an alternative or complementary defense mechanism to enhance detection accuracy by learning from large datasets of known malware behaviors. This investigation delves into the capability of Machine Learning in detecting malicious malwares within a network. Initially, a thorough analysis of the Netflow datasets is conducted, resulting in the extraction of 22 distinct characteristics. Subsequently, a feature selection procedure is employed to compare all these characteristics against each other. Following this, five machine learning algorithms are assessed using a NetFlow dataset that encompasses typical botnets. The outcomes reveal that the Random Forest Classifier successfully identifies over 95% of the botnets in 8 out of the 13 scenarios, with detection rates exceeding 55% in the most challenging datasets.
Open Zoom
