Towards using Transfer Learning for Botnet Detection

Botnet Detection has been an active research area over the last decades. Researchers have been working hard to develop effective techniques to detect Botnets. From reviewing existing approaches it can be noticed that many of them target specific Botnets. Also, many approaches try to identify any Botnet activity by analysing network traffic. They achieve this by concatenating existing Botnet datasets to obtain larger datasets, building predictive models using these datasets and then employing these models to predict whether network traffic is safe or harmful. The problem with the first approaches is that data is usually scarce and costly to obtain. By using small amounts of data, the quality of predictive models will always be questionable. On the other hand, the problem with the second approaches is that it is not always correct to concatenate datasets containing network traffic from different Botnets. Datasets can have different distributions which means they can downgrade the predictive performance of machine learning models. Our idea is instead of concatenating datasets, we propose using transfer learning approaches to carefully decide what data to use. Our hypothesis is "Predictive Performance can be improved by using transfer learning techniques across datasets containing network traffic from different Botnets".