P2P Botnet Detection Using Deep Learning Method

Article Type:
Research/Original Article (accredited rank)
Abstract:
A botnet is a set of infected computers and smart devices on the Internet that a botmaster controls remotely to perform malicious activities such as distributed denial-of-service (DDoS) attacks, sending spam, and click fraud. When a botmaster communicates with its bots, it generates traffic, and analyzing this traffic to detect botnet traffic can be one of the influential factors for intrusion detection systems (IDS). In this paper, the long short-term memory (LSTM) method is proposed to classify P2P botnet activities. The proposed approach is based on the characteristics of Transmission Control Protocol (TCP) packets, and the performance of the method is evaluated using both the ISCX and ISOT datasets. The experimental results show that the proposed approach has a high capability in identifying P2P network activities based on the evaluation criteria. The proposed method offers a 99.65% precision rate, a 96.32% accuracy rate and a recall rate of 99.63% with a false positive rate (FPR) of 0.67%.
Language:
Persian
Published:
Journal of Electronic and Cyber Defense, Volume:8 Issue: 2, 2020
Pages:
1 to 14
https://www.magiran.com/p2190949