AAU Student Projects - visit Aalborg University's student projects portal
A master's thesis from Aalborg University
Book cover


Framework for automated comparison of machine learning based botnet detection approaches

Author

Term

4. term

Education

Networks and Distributed Systems, Master

Publication year

2016

Submitted on

Pages

90

Abstract

Skadelig software (malware) har i mange år været et sikkerhedsproblem. Et aktuelt fokus er at opdage botnet—globale netværk af kompromitterede computere, der styres af en botmaster og ofte bruges til at udføre distribuerede tjenestenægtelsesangreb (DDoS). Maskinlæring bruges i vid udstrækning til botnetdetektion, men forskere må igen og igen opbygge egne trænings- og testsæt, hvilket gør det svært at sammenligne resultater på tværs af studier. Dette projekt skitserer et offentligt tilgængeligt rammeværk, der gør det nemt at sammenligne forskellige maskinlæringsbaserede metoder til botnetdetektion under de samme betingelser. I rammeværket bliver hver metode trænet og evalueret på de samme datasæt med ensartede procedurer. At opbygge et sådant rammeværk kræver omhyggelig anvendelse af bedste praksis for at indsamle netværksdata, mærke dem som harmløse eller skadelige og sammenflette dem til veldefinerede trænings- og evalueringssæt—forhold som projektet adresserer for at muliggøre retfærdige og reproducerbare sammenligninger.

Malicious software (malware) has been a security problem for many years. A current focus is detecting botnets—worldwide networks of compromised computers controlled by a botmaster and often used to carry out Distributed Denial of Service (DDoS) attacks. Machine learning is widely used for botnet detection, but researchers repeatedly have to build their own training and test datasets, which makes results difficult to compare across studies. This project outlines a publicly available framework that makes it easy to compare different machine-learning-based botnet detection methods under the same conditions. In the framework, each method is trained and evaluated on the same datasets using consistent procedures. Building such a framework requires careful best practices for capturing network data, labeling it as benign or malicious, and merging it into well-defined training and evaluation sets—considerations the project addresses to support fair and reproducible comparisons.

[This abstract was generated with the help of AI]

Documents

Download
View record in AAU Student Projects