A Study of Machine Learning classifiers for Botnet Traffic Detection with an Imbalanced Dataset

Andersen-Otte, Kamilla ; Bolgurov, Georgi Toshkov

4. semester

Cyber Security, Master

2024

2024-05-30

90 pages

This thesis investigates the use of machine learning models to classify botnet traffic within an Internet of Things (IoT) network. Given the increasing prevalence of IoT devices in our society, their limited computational power makes them a vulnerable target for botnet exploitation, making advanced detection mechanisms that can adapt to evolving threats with minimal false positives necessary. Traditional methods of network security often fail to adapt to the dynamicaly adjusting nature of botnet attacks, making machine learning, with its ability to learn and detect patterns in data a more effective solution. This study refines and enhances machine learning models specifically tailored for IoT botnet detection by tackling three key questions: ensuring proper pattern recognition through training on imbalanced datasets, optimizing machine learning models for botnet traffic detection in IoT networks, and identifying the most influential network traffic features for detecting potential botnet activities. Five machine learning models - decision tree, random forest, Gaussian Naive Bayes, XGBoost, and a voting classifier - were trained on the BoT-IoT dataset sample, with the feature sets being selected based on both feature correlation and forward and backward selection methods. Addressing the dataset imbalance, different techniques were employed to balancing the classes. The trained models were also tested on a newly sampled dataset to provide performance validation. The results indicated that the voting vlassifier, combining decision tree and XGBoost on an oversampled dataset, achieved the most favorable performance.

Download
View record in AAU Student Projects