Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning

Biju Issac; Kyle Fryer; Seibu Mary Jacob

doi:10.1007/978-3-031-82031-1_31

Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning

Biju Issac
, Kyle Fryer
, Seibu Mary Jacob

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Botnets could autonomously infect, propagate, communicate and coordinate with other members in the botnet, enabling cybercriminals to exploit the cumulative computing and bandwidth of its bots to facilitate cybercrime. Traditional detection methods are becoming increasingly unsuitable against various network-based detection evasion methods. These techniques ultimately render signature-based ‘fingerprinting’ detection infeasible and thus this research explores the application of network flow-based behavioural modelling to facilitate the binary classification of bot network activity, whereby the detection is independent of underlying communications architectures, ports, protocols and payload-based detection evasion mechanisms. A comparative evaluation of various machine learning classification methods is conducted, to precisely determine the average accuracy of each classifier on bot datasets like CTU-13, ISOT 2010 and ISCX 2014. Additionally, hyperparameter tuning using Genetic Algorithm (GA), aiming to efficiently converge to the fittest hyperparameter set for each dataset was done. The bioinspired optimisation of Random Forest (RF) with GA achieved an average accuracy of 99.85% when it was tested against the three datasets. The model was then developed into a software product. The YouTube link of the project and demo of the software developed: https://youtu.be/gNQjC91VtOI.

Original language	English
Title of host publication	Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence
Subtitle of host publication	Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024
Editors	Hamid Jahankhani, Biju Issac
Publisher	Springer
Pages	621-675
Number of pages	55
ISBN (Electronic)	9783031820311
ISBN (Print)	9783031820304
DOIs	https://doi.org/10.1007/978-3-031-82031-1_31
Publication status	Published - 14 May 2025
Event	16th International Conference on Global Security, Safety and Sustainability: Cybersecurity and Human Capabilities through Symbiotic Artificial Intelligence - Virtual Conference- Northumbria University, Newcastle-Upon- Tyne, United Kingdom Duration: 25 Nov 2024 → 27 Nov 2024

Publication series

Name	Advanced Sciences and Technologies for Security Applications
Volume	Part F414

Conference

Conference	16th International Conference on Global Security, Safety and Sustainability
Country/Territory	United Kingdom
City	Newcastle-Upon- Tyne
Period	25/11/24 → 27/11/24

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

Access to Document

10.1007/978-3-031-82031-1_31

Cite this

Issac, B., Fryer, K., & Jacob, S. M. (2025). Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning. In H. Jahankhani, & B. Issac (Eds.), Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024 (pp. 621-675). (Advanced Sciences and Technologies for Security Applications; Vol. Part F414). Springer. https://doi.org/10.1007/978-3-031-82031-1_31

Issac, Biju ; Fryer, Kyle ; Jacob, Seibu Mary. / Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning. Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. editor / Hamid Jahankhani ; Biju Issac. Springer, 2025. pp. 621-675 (Advanced Sciences and Technologies for Security Applications).

@inproceedings{ba7d44eaffdc43bfbdd64195ca8d9b6e,

title = "Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning",

abstract = "Botnets could autonomously infect, propagate, communicate and coordinate with other members in the botnet, enabling cybercriminals to exploit the cumulative computing and bandwidth of its bots to facilitate cybercrime. Traditional detection methods are becoming increasingly unsuitable against various network-based detection evasion methods. These techniques ultimately render signature-based {\textquoteleft}fingerprinting{\textquoteright} detection infeasible and thus this research explores the application of network flow-based behavioural modelling to facilitate the binary classification of bot network activity, whereby the detection is independent of underlying communications architectures, ports, protocols and payload-based detection evasion mechanisms. A comparative evaluation of various machine learning classification methods is conducted, to precisely determine the average accuracy of each classifier on bot datasets like CTU-13, ISOT 2010 and ISCX 2014. Additionally, hyperparameter tuning using Genetic Algorithm (GA), aiming to efficiently converge to the fittest hyperparameter set for each dataset was done. The bioinspired optimisation of Random Forest (RF) with GA achieved an average accuracy of 99.85\% when it was tested against the three datasets. The model was then developed into a software product. The YouTube link of the project and demo of the software developed: https://youtu.be/gNQjC91VtOI.",

author = "Biju Issac and Kyle Fryer and Jacob, \{Seibu Mary\}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 16th International Conference on Global Security, Safety and Sustainability : Cybersecurity and Human Capabilities through Symbiotic Artificial Intelligence ; Conference date: 25-11-2024 Through 27-11-2024",

year = "2025",

month = may,

day = "14",

doi = "10.1007/978-3-031-82031-1\_31",

language = "English",

isbn = "9783031820304",

series = "Advanced Sciences and Technologies for Security Applications",

publisher = "Springer",

pages = "621--675",

editor = "Jahankhani, \{Hamid \} and Issac, \{Biju \}",

booktitle = "Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence",

}

Issac, B, Fryer, K & Jacob, SM 2025, Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning. in H Jahankhani & B Issac (eds), Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. Advanced Sciences and Technologies for Security Applications, vol. Part F414, Springer, pp. 621-675, 16th International Conference on Global Security, Safety and Sustainability, Newcastle-Upon- Tyne, United Kingdom, 25/11/24. https://doi.org/10.1007/978-3-031-82031-1_31

Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning. / Issac, Biju; Fryer, Kyle; Jacob, Seibu Mary.
Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. ed. / Hamid Jahankhani; Biju Issac. Springer, 2025. p. 621-675 (Advanced Sciences and Technologies for Security Applications; Vol. Part F414).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning

AU - Issac, Biju

AU - Fryer, Kyle

AU - Jacob, Seibu Mary

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025/5/14

Y1 - 2025/5/14

N2 - Botnets could autonomously infect, propagate, communicate and coordinate with other members in the botnet, enabling cybercriminals to exploit the cumulative computing and bandwidth of its bots to facilitate cybercrime. Traditional detection methods are becoming increasingly unsuitable against various network-based detection evasion methods. These techniques ultimately render signature-based ‘fingerprinting’ detection infeasible and thus this research explores the application of network flow-based behavioural modelling to facilitate the binary classification of bot network activity, whereby the detection is independent of underlying communications architectures, ports, protocols and payload-based detection evasion mechanisms. A comparative evaluation of various machine learning classification methods is conducted, to precisely determine the average accuracy of each classifier on bot datasets like CTU-13, ISOT 2010 and ISCX 2014. Additionally, hyperparameter tuning using Genetic Algorithm (GA), aiming to efficiently converge to the fittest hyperparameter set for each dataset was done. The bioinspired optimisation of Random Forest (RF) with GA achieved an average accuracy of 99.85% when it was tested against the three datasets. The model was then developed into a software product. The YouTube link of the project and demo of the software developed: https://youtu.be/gNQjC91VtOI.

AB - Botnets could autonomously infect, propagate, communicate and coordinate with other members in the botnet, enabling cybercriminals to exploit the cumulative computing and bandwidth of its bots to facilitate cybercrime. Traditional detection methods are becoming increasingly unsuitable against various network-based detection evasion methods. These techniques ultimately render signature-based ‘fingerprinting’ detection infeasible and thus this research explores the application of network flow-based behavioural modelling to facilitate the binary classification of bot network activity, whereby the detection is independent of underlying communications architectures, ports, protocols and payload-based detection evasion mechanisms. A comparative evaluation of various machine learning classification methods is conducted, to precisely determine the average accuracy of each classifier on bot datasets like CTU-13, ISOT 2010 and ISCX 2014. Additionally, hyperparameter tuning using Genetic Algorithm (GA), aiming to efficiently converge to the fittest hyperparameter set for each dataset was done. The bioinspired optimisation of Random Forest (RF) with GA achieved an average accuracy of 99.85% when it was tested against the three datasets. The model was then developed into a software product. The YouTube link of the project and demo of the software developed: https://youtu.be/gNQjC91VtOI.

UR - https://www.scopus.com/pages/publications/105006941754

U2 - 10.1007/978-3-031-82031-1_31

DO - 10.1007/978-3-031-82031-1_31

M3 - Conference contribution

AN - SCOPUS:105006941754

SN - 9783031820304

T3 - Advanced Sciences and Technologies for Security Applications

SP - 621

EP - 675

BT - Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence

A2 - Jahankhani, Hamid

A2 - Issac, Biju

PB - Springer

T2 - 16th International Conference on Global Security, Safety and Sustainability

Y2 - 25 November 2024 through 27 November 2024

ER -

Issac B, Fryer K, Jacob SM. Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning. In Jahankhani H, Issac B, editors, Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. Springer. 2025. p. 621-675. (Advanced Sciences and Technologies for Security Applications). doi: 10.1007/978-3-031-82031-1_31

Flow-Based Detection of Botnets Through Bio-inspired Optimisation of Machine Learning

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this