Improving Botnet Detection with Recurrent Neural Network and Transfer Learning

by   Jeeyung Kim, et al.

Botnet detection is a critical step in stopping the spread of botnets and preventing malicious activities. However, reliable detection is still a challenging task, due to a wide variety of botnets involving ever-increasing types of devices and attack vectors. Recent approaches employing machine learning (ML) showed improved performance than earlier ones, but these ML- based approaches still have significant limitations. For example, most ML approaches can not incorporate sequential pattern analysis techniques key to detect some classes of botnets. Another common shortcoming of ML-based approaches is the need to retrain neural networks in order to detect the evolving botnets; however, the training process is time-consuming and requires significant efforts to label the training data. For fast-evolving botnets, it might take too long to create sufficient training samples before the botnets have changed again. To address these challenges, we propose a novel botnet detection method, built upon Recurrent Variational Autoencoder (RVAE) that effectively captures sequential characteristics of botnet activities. In the experiment, this semi-supervised learning method achieves better detection accuracy than similar learning methods, especially on hard to detect classes. Additionally, we devise a transfer learning framework to learn from a well-curated source data set and transfer the knowledge to a target problem domain not seen before. Tests show that the true-positive rate (TPR) with transfer learning is higher than the RVAE semi-supervised learning method trained using the target data set (91.8


page 1

page 5


Self-Normalizing Neural Network, Enabling One Shot Transfer Learning for Modeling EDFA Wavelength Dependent Gain

We present a novel ML framework for modeling the wavelength-dependent ga...

An information-Theoretic Approach to Semi-supervised Transfer Learning

Transfer learning is a valuable tool in deep learning as it allows propa...

Transfer of Pretrained Model Weights Substantially Improves Semi-Supervised Image Classification

Deep neural networks produce state-of-the-art results when trained on a ...

Deep Variational Transfer: Transfer Learning through Semi-supervised Deep Generative Models

In real-world applications, it is often expensive and time-consuming to ...

Ridesourcing Car Detection by Transfer Learning

Ridesourcing platforms like Uber and Didi are getting more and more popu...

Botnet Detection Using Recurrent Variational Autoencoder

Botnets are increasingly used by malicious actors, creating increasing t...

An Improved Deep Belief Network Model for Road Safety Analyses

Crash prediction is a critical component of road safety analyses. A wide...

Please sign up or login with your details

Forgot password? Click here to reset