The Impact of Different Botnet Flow Feature Subsets on Prediction Accuracy Using Supervised and Unsupervised Learning Methods

Abstract

Over the past ten to fifteen years botnets have gained the attention of researchers worldwide. A great deal of effort has been given to developing systems that would efficiently and effectively detect the presence of a botnet. This unique problem saw researchers applying machine learning (ML) to solve this problem. In this paper, a brief overview of the varied machine learning methods (ML) and their utility in relation to botnet detection is provided. The main aim of this paper is to clearly define the role different ML methods play in Botnet detection. We also examine different flow level feature subsets and the resulting impact on detection accuracy given the machine learning method used. A clear understanding of these various roles are critical for developing effective and efficient real-time online-detection approaches and ultimately, more robust models. In conclusion, it was found that, the features selected must compliment the machine learning method chosen.