Reducing the False Alarm Rates in Detecting Botnets Using the Combination of K-Nearest Neighbors and Stochastic Gradient Descent Algorithms

With the increasing expansion of networks connected to the internet, attackers' efforts against these networks have also grown. Therefore, many researchers have proposed solutions to deal with botnets that lead to remote contamination of systems. One of the main problems of existing methods is the high rate of false alarms produced by attack detection systems, including the rate of false positives and false negatives. In the present research, by using machine learning algorithms, these alarm rates were reduced. In the first stage of the proposed solution, the dataset entered a pre-processing stage so that outliers and noise data were identified and discarded. Then, using the K-Nearest Neighbor algorithm, the non-useful features that had no effect in determining the data class were excluded from the dataset. In the next step, the Gradient Descent algorithm was used to accurately detect the class of data and categorize them into normal data or botnet attack. Finally, by performing various tests on the CTU-13 and BoT-IoT datasets in both binary and multi-class modes, the values of the important criteria for evaluating the effectiveness of the botnet attack detection system were obtained. The results showed that in the CTU-13 dataset, in binary and multi-class mode, the false negative rates were 0.01 and 0.04, and the false positive rates were 0.01 and 0.05, respectively; and for the BoT-IoT dataset, in binary and multi-class mode, the false negative rates were 0.02 and 0.05 and the false positive rates were 0.03 and 0.05, respectively. Compared to other existing methods, the proposed method is superior and demonstrates a reduction in the rate of false alarms and improves efficiency.