Research on botnet detection technology in network security

Abstract

In the current world of consistent cybersecurity threats, the priority of protecting precious data from malicious activities has never come this high. A network of infected computers that are under the control of bad actors is known as a botnet. These networks may be used for a variety of things, including spam distribution, distributed denial of service (DDoS) assaults, identity theft, and malware distribution. A botnet's constituent computers are frequently referred to as "bots" or "zombies.". And there have been appalling statistics of a 100% increase in DDoS attacks from 2021 to 2022, and attackers have been consistently evolving, implementing smaller, yet more persistent attacks. Fortunately, the measures for protecting computers from botnet attacks have also been evolving. The very first step to defending against botnet attacks is to spot suspicious requests, and in this paper, the machine learning method is utilized to help pinpoint the potential attacks. First, a comprehensive dataset is found and used to train the model. This is a dataset consisting of source IPs, protocols, bidirectional flows, packets and a total of 33 features of internet flows with a mix of normal and malicious internet flow. As for the models performed, random forest and logistic regression were chosen and run with 80 percent of the data from the dataset as a training set and 20 percent as a testing set. Overall, the two models perform greatly with the given dataset. It is a very basic study on the prevention of botnet detection, yet certainly, it provides insights and contributions into further developments in cybersecurity.