Fortifying Botnet Classification based on Venn-abers Prediction

Zhi WANG, Huan-zhi GAO, Yi-ming ZHANG, Yu-chuan HU, Ke-fan QIU, Xiao CHENG, Chun-fu JIA
2017 DEStech Transactions on Computer Science and Engineering  
Botnets are one of the most significant threats to the Internet, so many botnet detection approaches based on machine learning techniques have been proposed. But botnets evolve more and more rapidly, and over 70% of malware created today uses one or more evasion techniques to avoid detection. Consequently, botnet detection models based on static thresholds face the concept drift challenge. In this paper, we introduced the Venn-Abers algorithm into the detection model to mitigate the concept drift problem. We selected KNN and KDE as scoring classifiers to build a Venn-Abers predictor. The experiments show that each prediction has a probability interval output by the Venn-Abers predictor that accurately indicates the quality of the prediction. A drop in prediction quality is a signature of concept drift even when the prediction result is correct.

1 https://www.av-test.org/en/statistics/malware/
2 https://go.lastline.com/webinar-protect-your-network-from-evasive-malware.html
doi:10.12783/dtcse/cst2017/12576 fatcat:v6r7srjjtzfx3mgalkxvxoxoci