Flow-based botnet traffic detection using AI

B.O. Panchuk

Abstract


This paper outlines a generalized framework for building end-to-end botnet network activity detection systems using artificial intelligence (AI) techniques. Network flow reconstruction is used as the primary feature-extraction method, and several AI classifiers are compared in order to raise the detection rate. Results of recent research by other authors in the field are incorporated to obtain a more efficient approach to botnet discovery. The described intrusion detection pipeline was tested on a dataset containing real botnet activity traces. Performance metrics for the different AI classification models were obtained and analyzed in detail. Several data preprocessing techniques were tried and are described; they improved the results further. Options for future enhancement of network feature selection are proposed as well. The obtained performance metrics are compared against the results reported by other researchers in the field.
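As an added worked example (not code from the paper, nor from any tool or dataset it uses), the following Python shows the front end of the pipeline the abstract describes: bidirectional flow reconstruction from packet records in the manner of bi-flow generators such as CICFlowMeter (forward direction = direction of the first packet, flows split on idle timeout), per-flow statistical features, and a preprocessing step (log scaling of heavy-tailed counters, then z-scoring) applied before the rows would be fed to a classifier. The packet list, the 120 s idle timeout, and the particular feature set are assumptions chosen for illustration.

```python
"""Bi-flow reconstruction and feature extraction from packet records (added example)."""
import math
from dataclasses import dataclass, field
from statistics import mean, pstdev

IDLE_TIMEOUT = 120.0  # seconds of silence that closes a flow (assumed value)


@dataclass
class Packet:
    ts: float    # capture time, seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str   # "tcp" or "udp"
    size: int    # bytes on the wire


@dataclass
class Flow:
    # Forward direction is the direction of the first packet seen for this 5-tuple.
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    start: float
    end: float
    fwd_pkts: int = 0
    bwd_pkts: int = 0
    fwd_bytes: int = 0
    bwd_bytes: int = 0
    sizes: list = field(default_factory=list)
    arrivals: list = field(default_factory=list)

    def add(self, pkt: Packet) -> None:
        if (pkt.src, pkt.sport) == (self.src, self.sport):
            self.fwd_pkts += 1
            self.fwd_bytes += pkt.size
        else:
            self.bwd_pkts += 1
            self.bwd_bytes += pkt.size
        self.end = pkt.ts
        self.sizes.append(pkt.size)
        self.arrivals.append(pkt.ts)

    def features(self) -> dict:
        iats = [b - a for a, b in zip(self.arrivals, self.arrivals[1:])]
        duration = self.end - self.start
        pkts = self.fwd_pkts + self.bwd_pkts
        return {
            "duration": duration,
            "fwd_pkts": self.fwd_pkts,
            "bwd_pkts": self.bwd_pkts,
            "fwd_bytes": self.fwd_bytes,
            "bwd_bytes": self.bwd_bytes,
            "pkt_size_mean": mean(self.sizes),
            "pkt_size_std": pstdev(self.sizes),
            "iat_mean": mean(iats) if iats else 0.0,
            "iat_std": pstdev(iats) if iats else 0.0,  # near zero for periodic C2 beacons
            "pkts_per_sec": pkts / duration if duration > 0 else float(pkts),
            "down_up_ratio": self.bwd_bytes / self.fwd_bytes if self.fwd_bytes else 0.0,
        }


def biflow_key(pkt: Packet) -> tuple:
    """Direction-independent 5-tuple so both halves of a conversation map to one flow."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (pkt.proto,) + (a + b if a <= b else b + a)


def reconstruct_flows(packets, idle_timeout=IDLE_TIMEOUT):
    active, finished = {}, []
    for pkt in sorted(packets, key=lambda p: p.ts):
        key = biflow_key(pkt)
        flow = active.get(key)
        if flow is not None and pkt.ts - flow.end > idle_timeout:
            finished.append(active.pop(key))  # idle expiry: same 5-tuple starts a new flow
            flow = None
        if flow is None:
            flow = Flow(pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto, pkt.ts, pkt.ts)
            active[key] = flow
        flow.add(pkt)
    finished.extend(active.values())
    return finished


HEAVY_TAILED = {"fwd_pkts", "bwd_pkts", "fwd_bytes", "bwd_bytes", "pkts_per_sec"}


def preprocess(rows):
    """log1p the heavy-tailed counters, then z-score each column (constant columns -> 0)."""
    cols = list(rows[0])
    X = [[math.log1p(r[c]) if c in HEAVY_TAILED else float(r[c]) for c in cols] for r in rows]
    for j in range(len(cols)):
        col = [x[j] for x in X]
        mu, sd = mean(col), pstdev(col)
        for x in X:
            x[j] = (x[j] - mu) / sd if sd > 0 else 0.0
    return cols, X


# Constructed packets: a 30 s beacon to 203.0.113.7:443 and a short web exchange with
# 198.51.100.10:80 that resumes after the idle timeout (so it becomes a second flow).
SAMPLE_PACKETS = []
for i in range(4):
    SAMPLE_PACKETS.append(Packet(30.0 * i, "10.0.0.5", 51000, "203.0.113.7", 443, "tcp", 64))
    SAMPLE_PACKETS.append(Packet(30.0 * i + 0.1, "203.0.113.7", 443, "10.0.0.5", 51000, "tcp", 120))
SAMPLE_PACKETS += [
    Packet(5.0, "10.0.0.5", 51001, "198.51.100.10", 80, "tcp", 500),
    Packet(5.2, "198.51.100.10", 80, "10.0.0.5", 51001, "tcp", 1400),
    Packet(5.3, "198.51.100.10", 80, "10.0.0.5", 51001, "tcp", 1400),
    Packet(5.4, "10.0.0.5", 51001, "198.51.100.10", 80, "tcp", 200),
    Packet(200.0, "10.0.0.5", 51001, "198.51.100.10", 80, "tcp", 60),
]


def feature_matrix(packets):
    """Full front end: packets -> flows -> feature rows -> scaled matrix for a classifier."""
    return preprocess([f.features() for f in reconstruct_flows(packets)])


if __name__ == "__main__":
    for f in reconstruct_flows(SAMPLE_PACKETS):
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport}", f.features())
```

On the constructed input the beacon flow stands out by its low inter-arrival-time variance and fixed packet sizes, which is exactly the kind of signal a flow-level classifier can learn without inspecting payloads; the idle-timeout split is what keeps a long-lived 5-tuple from being collapsed into one flow whose statistics hide that periodicity.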

Problems in Programming 2022; 3-4: 376-386


Keywords


information security; intrusion detection; botnet; network flow; artificial intelligence





DOI: https://doi.org/10.15407/pp2022.03-04.376
