4 research outputs found

    An Analysis on Network Flow-Based IoT Botnet Detection Using Weka

    Botnets pose a significant and growing risk to modern networks. Detection of botnets remains an important area of open research in order to prevent the proliferation of botnets and to mitigate the damage that can be caused by botnets that have already been established. Botnet detection can be broadly categorised into two main categories: signature-based detection and anomaly-based detection. This paper sets out to measure the accuracy, false-positive rate, and false-negative rate of four algorithms that are available in Weka for anomaly-based detection on a dataset of HTTP and IRC botnet data. The algorithms that were selected to detect botnets in the Weka environment are J48, naïve Bayes, random forest, and UltraBoost. The dataset was generated using a realistic network environment by The University of New South Wales, Canberra. The findings showed that botnet behaviours from the selected dataset could be detected by Weka with a high degree of accuracy and a low false-positive rate. With all features included, the random forest algorithm was found to achieve the highest accuracy with 96.70%, and the algorithm that attained the lowest false-positive rate was also random forest with 0.008. With a reduced feature set of IP addresses and ports, the random forest algorithm attained the highest accuracy and precision and the lowest false-positive rate. With only information regarding packets per second being sent and received, J48 was this time the most accurate in its predictions and attained the highest precision.

    Implementation of Wireshark and IP tables Firewall Collaboration to Improve Traffic Security on Network Systems

    Along with the very fast development of the internet era today, the network security system has become a very urgent matter that needs attention. The number of criminal activities and cyber attacks that target servers through the network means that a server administrator needs to make extra efforts in maintaining and monitoring the data traffic that enters or leaves the server system. One of the efforts often made by server admins is to monitor server activity and then immediately secure the server from attacks that they identify from the monitoring results. data packets. Here an algorithm is built where the output of the Wireshark application is an analysis result that will distinguish the presence of a malicious accessing IP and then notify the server admin to set the firewall and block the IP that is considered dangerous, or analyse the port that is temporarily under attack and then notify the admin to close the port. From the results of this algorithm research, by simulating attacks using a Synflood Attack on the server, it can be seen that the effectiveness of the algorithm in dealing with attacks can make RAM and CPU usage lighter, so that it does not burden the hardware when compared to not using the algorithm, and also makes system network traffic more efficient.

    Robust Botnet Detection Techniques for Mobile and Network Environments

    Cybercrime costs large amounts of money and resources every year. This is because it is usually carried out using different methods and at different scales. The use of botnets is one of the most common successful cybercrime methods. A botnet is a group of devices that are used together to carry out malicious attacks (they are connected via a network). With the widespread usage of handheld devices such as smartphones and tablets, networked devices are no longer limited to personal computers and laptops. Therefore, the size of networks (and therefore botnets) can be large. This means it is not surprising for malicious users to target different types of devices and platforms as cyber-attack victims or use them to launch cyber-attacks. Thus, robust automatic methods of botnet detection on different platforms are required. This thesis addresses this problem by introducing robust methods for botnet family detection on Android devices as well as by generally analysing network traffic. As for botnet detection on Android, this thesis proposes an approach to identify Android botnet apps by means of source code mining. The approach analyses the source code via reverse engineering and data mining techniques for several examples of malicious and non-malicious apps. Two methods are used to build datasets. In the first, text mining is performed on the source code and several datasets are constructed, and in the second, one dataset is created by extracting source code metrics using an open-source tool. Additionally, this thesis introduces a novel transfer learning approach for the detection of botnet families by means of network traffic analysis. This approach is a key contribution to knowledge because it adds insight into how similar instances can exist in datasets that belong to different botnet families and how these instances can be leveraged to enhance model quality (especially for botnet families with small datasets). This novel approach is denoted Similarity Based Instance Transfer, or SBIT. Furthermore, the thesis presents a proposed extended version designed to overcome a weakness in the original algorithm. The extended version is called CB-SBIT (Class Balanced Similarity Based Instance Transfer).

    Converting PCAPs into Weka mineable data
