Automatic Botnet Attack Identification Based on Machine Learning  


Authors: Peng Hui Li Jie Xu Zhong Yi Xu Su Chen Bo Wei Niu Jie Yin Xiao Feng Sun Hao Liang Lan Lu Lu Chen

Affiliations: [1] Jiangsu Police Institute, Nanjing, 210000, China [2] Public Security Department of Jiangsu Province, Nanjing, 210000, China [3] The University of Adelaide, Adelaide, 5005, SA, Australia

Source: Computers, Materials & Continua (English-language journal), 2022, Issue 11, pp. 3847-3860, 14 pages

Funding: The research of this paper is supported by the project of Jiangsu Provincial Department of Education (20KJB413002); the science and technology research project of Jiangsu Provincial Public Security Department (2020KX007Z); the Jiangsu Police Institute high level talent introduction research start-up fund (JSPIGKZ, JSPI20GKZL404); the 2021 doctor of entrepreneurship and innovation in Jiangsu Province (JSSCBS20210599); the Undergraduate Innovation and Entrepreneurship Training Program of Jiangsu Police College (No. 202110329053Y).

Abstract: At present, the severe network security situation places high demands on network security defense technology. To automate botnet threat warning, this paper studies the types and characteristics of botnets. Botnets have special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. Attack features are extracted from the labeled attack data, and K-means is then used for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network attacks is realized based on these characteristics. At the same time, based on the collection and attribute extraction of botnet attack data, this paper uses RF, GBM, XGBOOST and other machine learning models to test the warning results, and automatically analyzes the attack by importing attack data. In the early warning analysis results, the accuracy rates of different models are obtained. Through the descriptive values of the three accuracy measures Accuracy, Precision, and F1_Score, the early warning effect of each model can be comprehensively displayed. Among the five algorithms used in this paper, three have an accuracy rate of over 90%. The three models with the highest accuracy are used in the early warning model. The research shows that cyberattacks can be accurately predicted. When this technology is applied to the protection system, accurate early warning can be given before a network attack is launched.

Keywords: HONEYPOT LOG network attack machine learning

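Classification codes: TP393.08 [Automation and Computer Technology: Computer Application Technology]; TP181 [Automation and Computer Technology: Computer Science and Technology]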

 
