
of automated recognition of bot-related traffic patterns. Additionally, machine learning provides the ability to recognize the patterns of malicious traffic without prior knowledge of the malicious traffic characteristics, instead inferring that knowledge from the available botnet traffic traces.

2.2 Machine Learning for Botnet Detection

The basic assumption behind machine learning-based methods is that botnets produce distinguishable patterns of network activity and that these patterns can be detected by employing some of the MLAs [28, 29].

On the Use of Machine Learning for Identifying Botnet Network Traffic

Machine Learning (ML) is a branch of artificial intelligence whose goal is the construction and study of systems that can learn from data [54]. Learning in this context implies the ability to recognize complex patterns and make qualified decisions based on previously seen data. The main challenge of machine learning is how to generalize knowledge derived from a limited set of previous experiences in order to produce a useful decision for new, previously unseen events. To tackle this problem, the field of machine learning develops an array of algorithms that discover knowledge from specific data and experience, based on sound statistical and computational principles. Machine learning algorithms can be coarsely classified, based on the desired outcome of the algorithm, as supervised MLAs and unsupervised MLAs.

Supervised learning [55] is the class of well-defined machine learning algorithms that generate a function (i.e., a model) that maps inputs to desired outputs. These algorithms are trained on examples of inputs and their corresponding outputs, and are then used to predict the output for future inputs. Supervised MLAs are used for classification, which assigns input data to a defined class, and for regression, which predicts a continuous-valued output. In the context of botnet detection, supervised MLAs are commonly used to implement network traffic classifiers that can separate malicious from non-malicious traffic or identify traffic belonging to different botnets. Some of the most popular supervised MLAs used for botnet detection are SVM (Support Vector Machines), ANN (Artificial Neural Networks), decision tree classifiers and Bayesian classifiers.

Unsupervised learning [56] is the class of machine learning algorithms where the training data consists of a set of inputs without any corresponding target output values. The goal of unsupervised learning may be to discover groups of similar examples within the input data, referred to as clustering; to determine the distribution of data within the input space, known as density estimation; or to project the data from a high-dimensional space down to two or three dimensions for the purpose of visualization. In the context of botnet detection, unsupervised MLAs are commonly used for the clustering of bot-related observations. The main characteristic of unsupervised MLAs is that they do not need to be trained beforehand. The most popular unsupervised
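The supervised/unsupervised contrast described above, as an added example that is not from the paper: a Gaussian naive Bayes classifier (one kind of Bayesian classifier) trained on labelled flows, next to two-cluster k-means, chosen here as a representative clustering algorithm, run on flows without labels. The three flow features, the sample values and all function names are assumptions constructed for illustration.

```python
import math
from statistics import mean, pvariance

# Constructed per-flow features, not taken from any real trace:
# (mean packet size in bytes, packets per second, flow duration in seconds)
BENIGN = [(820, 45.0, 12.0), (1100, 60.0, 30.0), (640, 25.0, 8.0), (950, 52.0, 20.0)]
BOT = [(90, 1.2, 310.0), (110, 0.8, 290.0), (75, 1.0, 330.0), (100, 1.5, 300.0)]

def train_gnb(samples, labels):
    """Supervised: learn per-class prior, mean and variance from labelled flows."""
    model = {}
    for cls in set(labels):
        cols = list(zip(*[s for s, l in zip(samples, labels) if l == cls]))
        model[cls] = (labels.count(cls) / len(labels),
                      [mean(c) for c in cols],
                      [pvariance(c) + 1e-6 for c in cols])  # avoid zero variance
    return model

def predict_gnb(model, x):
    """Map a new, unseen flow to the class with the highest log-posterior."""
    def score(cls):
        prior, mus, variances = model[cls]
        return math.log(prior) + sum(
            -0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
            for xi, m, v in zip(x, mus, variances))
    return max(model, key=score)

def kmeans2(samples, iters=20):
    """Unsupervised: split unlabelled flows into two clusters (ids 0 and 1)."""
    # Scale every feature to [0, 1] so no single unit dominates the distance.
    lo = [min(c) for c in zip(*samples)]
    hi = [max(c) for c in zip(*samples)]
    pts = [[(v - l) / ((h - l) or 1) for v, l, h in zip(s, lo, hi)] for s in samples]
    # Deterministic seeds: the first flow and the flow farthest from it.
    centers = [pts[0], max(pts, key=lambda p: math.dist(p, pts[0]))]
    for _ in range(iters):
        assign = [min((0, 1), key=lambda j: math.dist(p, centers[j])) for p in pts]
        for j in (0, 1):
            members = [p for p, a in zip(pts, assign) if a == j]
            if members:
                centers[j] = [mean(c) for c in zip(*members)]
    return assign

if __name__ == "__main__":
    model = train_gnb(BENIGN + BOT, ["benign"] * 4 + ["bot"] * 4)
    print(predict_gnb(model, (95, 1.1, 305.0)))   # classifier names the class
    print(kmeans2(BOT[:2] + BENIGN + BOT[2:]))    # clustering only groups flows
```

The classifier returns a class name because it was given labels; the clustering returns only group ids, which an analyst still has to interpret as bot-related or not.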