Feature Selection for Detection of Peer-to-Peer Botnet Traffic

Abstract

The use of anomaly-based classification of intrusions has increased significantly for Intrusion Detection Systems. Large number of training data samples and a good ‘feature set’ are two primary requirements to build effective classification models with machine learning algorithms. Since the amount of data available for malicious traffic will often be small compared to the available traces of benign traffic, extraction of ‘good’ features which enable detection of malicious traffic is a challenging area of work. This research work presents preliminary results of comparison of performance of three different feature selection algorithms - Correlation based feature selection, Consistency based subset evaluation and Principal component analysison three different Machine learning techniques- namely Decision trees, Na¨ıve Bayes classifier, and Bayesian Network classifier. These algorithms are evaluated for the detection of Peer-to-Peer (P2P) based botnet traffic.