IMMBOD: Integrated Machine Learning Model for Botnet Detection
Abstract—A botnet is a network of connected devices (computers, mobile phones, IoT devices, etc.) on which a malicious or non-malicious software application has been installed, with or without the owner's knowledge. These devices are controlled by the botnet operator through command-and-control (C&C) software and can be used for malicious activities such as sending spam, launching DDoS attacks, stealing data and running illegal campaigns. In this paper, we build a comprehensive and integrated machine learning model for the efficient detection of all kinds of botnets. This model is called "IMMBOD: Integrated Machine Learning Model for Botnet Detection". We design an algorithm that combines multiple machine learning classifiers and implement it in the model. The algorithm incorporates all relevant factors: static analysis, behavior analysis and network analysis of botnets. We use a labeled data set of more than 100,000 files containing botnet, normal and background traffic to train the model. After obtaining accurate test results during the training-testing phase, we test the model on samples from the wild. We compare our model with existing detection systems and find that it is more accurate and efficient and produces fewer false positives than all current systems. Running it in a distributed environment also makes it a highly feasible model.