Botnet Detection using Network Traffic Visualization and Histogram of Oriented Gradients

Botnets are increasingly being used by hackers to conduct attacks on critical network infrastructure. As botnets evolve with advanced resilient mechanisms and propagation techniques, it is imperative to improve detection techniques for early warning. Despite being better than signatures at detecting zero-day attacks, machine learning techniques come with considerable overheads associated with pre-processing and feature extraction in traditional network-based approaches. Moreover, designing effective hand-crafted features for botnet detection requires advanced domain expertise. To overcome these drawbacks and enable early detection of botnets, we propose a lightweight approach for botnet detection using Histogram of Oriented Gradients (HOG) feature descriptor in this paper. We designed an adaptable framework for network traffic visualization and used this to extract images for HOG-based botnet traffic detection. Several machine learning algorithms were used to evaluate our HOG-based model and our study showed that eXtreme Gradient Boosting outperformed the other eight classifiers by obtaining 99.4% accuracy in the experiments.