Botnet detection using negative selection algorithm, convolution neural network and classification methods

Botnet is a network and internet risk. It is necessary to detect botnet by analyzing and monitoring in order to quickly prevent them. Most approaches are proposed to detect bots using processing and preprocessing on a large number of incoming information from network packets, structures, etc. The recent growth of Internet and network environments has caused a significant growth in botnet attack. Accordingly, the traditional approaches are not good for botnet detection. This paper presents a new approach for the detection of botnet within networks. The proposed detection model is used to compare four attacks, the IRC, HTTP, DNS and P2P, which are used by botnet. Additionally, this model evaluates the accuracy of botnet detection. We use network nerves and correlation and also NSA (negative selection algorithm) which is based on the artificial immune system to identify botnet and compare our results with random forest, K-neighbors, SVM, Gaussian NB, CNN, LSTM algorithms. Our method (CNN-LSTM) presents shorter training time and higher accuracy. In this experiment, we use ISOT and ISCX botnet dataset which are labeled as traffic data. In addition, we investigate various types of botnet attacks and the final evaluation is presented.