An advanced method for detection of botnet traffic using intrusion detection system

Venue: International Conference on Mobile Software Engineering and Systems

Abstract

A botnet consists mainly of remotely controlled bots and provides the platform for most cyber threats. An effective countermeasure against botnets is an intrusion detection system (IDS), which regularly observes network traffic and identifies active attacks by inspecting it for vulnerabilities. A payload-inspection-based IDS (PI-IDS) recognizes active intrusion attempts by examining the payloads of User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) packets and matching them against known attacks, but this technique is undermined when the packet is encrypted. A traffic-based IDS (T-IDS) overcomes this shortcoming of the PI-IDS: it does not inspect the packet payload but instead examines the packet header to classify the intrusion. This technique, however, is not suitable today, because network traffic is growing rapidly, checking the header of every packet is not efficient, and the detection rate suffers as a result. In this paper we therefore propose a new T-IDS method built on a randomized data partitioned learning model (RDPLM) that relies on a feature set, a feature-selection technique, simplified subspacing and multiple randomized meta-learning techniques. The accuracy of our model is 99.984% and its training time is 21.38 s on a well-known botnet dataset. Findings for other machine-learning models, such as the deep neural network, reduced error pruning tree, detection task sequential minimal optimization, and random tree, are also reported.