4.1 Article

Botnet detection based on network flow summary and deep learning

Journal

Publisher

WILEY
DOI: 10.1002/nem.2039


A botnet is a group of compromised Internet-connected devices controlled remotely by cyber criminals to launch coordinated attacks and to perform various malicious activities. Since botnets continuously adapt themselves to the evolving countermeasures introduced by both network and host-based detection mechanisms, the traditional approaches do not provide adequate protection against the botnet threat. On the one hand, behavioral analysis of network traffic can play a key role in detecting botnets. For instance, behavioral analysis can be applied to observe and discover communication patterns that botnets exhibit during their life cycle. On the other hand, deep learning has been successfully applied to various classification tasks, and it is also a promising solution for botnet discovery. In this paper, we apply a deep neural network to detect botnets by modeling network traffic flow. The performance of the proposed method is evaluated with publicly available large-scale communication traces. The experimental results illustrate that deep learning is an efficient and effective method for identifying botnet traffic with a high true positive rate (attack detection rate) and low false positive alarm rate.
