基于集成学习的僵尸网络在线检测方法.

To solve the problem that existing botnet detections targeted a single phase of the botnet lifecycle, this paper proposed an online botnet detection method based on ensemble learning. Firstly, this paper fine-grained labeled the traffic of multiple phases of botnet lifecycle to generate a botnet dataset. Secondly, this paper combined multiple feature selection algorithms to generate a significant feature set containing 23 features and a less significant feature set containing 28 features. It integrated multiple deep learning models based on stacking ensemble learning and provided different input feature sets for different primary class ifiers to obtain a botnet online detection model. Finally, this paper deployed the botnet online detection model to detect multiple botnets online at the network entrance. Experiment shows that the proposed botnet online detection method based on ensemble learning in this paper can effectively detect multiple stages of botnet traffic, and the malicious traffic detection rate can reach 96 . 47% . [ABSTRACT FROM AUTHOR]