Cost-Sensitive Distributed Machine Learning for NetFlow-Based Botnet Activity Detection

Abstract EN

The recent advancements of malevolent techniques have caused a situation where the traditional signature-based approach to cyberattack detection is rendered ineffective.

Currently, new, improved, potent solutions incorporating Big Data technologies, effective distributed machine learning, and algorithms countering data imbalance problem are needed.

Therefore, the major contribution of this paper is the proposal of the cost-sensitive distributed machine learning approach for cybersecurity.

In particular, we proposed to use and implemented cost-sensitive distributed machine learning by means of distributed Extreme Learning Machines (ELM), distributed Random Forest, and Distributed Random Boosted-Trees to detect botnets.

The system’s concept and architecture are based on the Big Data processing framework with data mining and machine learning techniques.

In practical terms in this paper, as a use case, we consider the problem of botnet detection by means of analysing the data in form of NetFlows.

The reported results are promising and show that the proposed system can be considered as a useful tool for the improvement of cybersecurity.