NI, CR · Jul 29, 2013

Real-time Peer-to-Peer Botnet Detection Framework based on Bayesian Regularized Neural Network

arXiv:1307.7464v1 · 20 citations
Originality: Incremental advance
AI Analysis

This paper addresses the challenge of detecting evolving and unseen botnets in real-time network traffic for cybersecurity applications, though it appears incremental because it builds on existing neural network methods by adding a regularization technique.

The authors tackled the problem of detecting peer-to-peer botnets in live network traffic by proposing a hybrid framework that integrates neural networks with Bayesian regularization, achieving 99.2% accuracy in detecting unseen botnet activity.

Over the past decade, cyberspace has seen an increasing number of attacks coming from botnets that use the Peer-to-Peer (P2P) architecture. Peer-to-Peer botnets use a decentralized Command & Control architecture. Moreover, a large number of such botnets already exist, and newer versions, which differ significantly from their parent bot, are discovered practically every year. In this work, the authors propose and implement a novel hybrid framework for detecting P2P botnets in live network traffic by integrating Neural Networks with Bayesian Regularization. Bayesian Regularization helps the network generalize better from the dataset, thereby enabling detection of botnet activity even from bots that were never used in training the Neural Network. Hence such a framework is suitable for detecting newer and unseen botnets in the live traffic of a network. This was verified by testing the framework on data unseen by the detection module (an untrained botnet dataset), and the authors detected this activity with an accuracy of 99.2%.
