Research of the combined botnet detection method based on Random Subspace

Currently botnet is one of the most serious threats to Internet security. It not only brings losses to individual users, but also endangers the interests of enterprises and poses threats to national security. This paper proposed a combined botnet detection method based on Random Subspace classification algorithm (CD-RS). The first level is periodic detection (PD), which utilizes sequential hypothesis testing to detect the botnets. It has lower false negative but higher false positive. The second level is flow statistical characteristic detection (FSCD) which is to make up the deficiencies of the first stage detection. Random Subspace classification algorithm (RSCA) is used to construct the decision tree model, and then further detect the botnets based on statistical characteristic of flows. Based on these, this paper further discusses the selection of characteristic attributes set. Experimental results show that Random Subspace classification has the best detection results by using the characteristic attributes set selected by RandomSearch and ClassifierSubsetEval compared to other selection methods.