Associated Random Neural Networks for Collective Classification of Nodes in Botnet Attacks

TL;DR

This paper introduces a novel Associated Random Neural Network (ARNN) for collective classification of compromised nodes in botnet attacks, demonstrating superior accuracy over existing methods on real network data.

Contribution

The work presents a new ARNN architecture with a gradient learning algorithm for effective online and offline botnet node classification, advancing collective attack detection techniques.

Findings

ARNN achieves higher accuracy than state-of-the-art methods.

Effective in both offline and online training scenarios.

Validated on real network data with over 700,000 packets.

Abstract

Botnet attacks are a major threat to networked systems because of their ability to turn the network nodes that they compromise into additional attackers, leading to the spread of high volume attacks over long periods. The detection of such Botnets is complicated by the fact that multiple network IP addresses will be simultaneously compromised, so that Collective Classification of compromised nodes, in addition to the already available traditional methods that focus on individual nodes, can be useful. Thus this work introduces a collective Botnet attack classification technique that operates on traffic from an n-node IP network with a novel Associated Random Neural Network (ARNN) that identifies the nodes which are compromised. The ARNN is a recurrent architecture that incorporates two mutually associated, interconnected and architecturally identical n-neuron random neural networks, that act simultneously as mutual critics to reach the decision regarding which of n nodes have been compromised. A novel gradient learning descent algorithm is presented for the ARNN, and is shown to operate effectively both with conventional off-line training from prior data, and with on-line incremental training without prior off-line learning. Real data from a 107 node packet network is used with over 700,000 packets to evaluate the ARNN, showing that it provides accurate predictions. Comparisons with other well-known state of the art methods using the same learning and testing datasets, show that the ARNN offers significantly better performance.