This paper introduces a deep learning-based framework for identifying and preventing botnet-driven DDoS attacks in Software-Defined Networking (SDN). Conventional security techniques suffer from high false-alarm rates and slow detection because of the dynamic nature of botnet attacks. To address this, the system uses Convolutional Neural Networks (CNNs) to detect anomalies in real time and a graph theory-based dynamic flow management algorithm to prevent attacks.
Experimental evaluations on the CICIDS 2017 and Bot-IoT datasets and on a simulated SDN testbed (Mininet) indicate that the system detects attacks with 98.2% accuracy, sustains 85% network throughput during an attack, and neutralizes threats in five seconds. Compared with traditional models such as KNN, SVM, and Random Forest, the CNN-based model exhibits better accuracy, flexibility, and scalability.
This work contributes to SDN security by combining real-time traffic monitoring, deep learning, and adaptive flow control to improve network resilience against cyber threats. Possible future developments include reinforcement learning-based defenses, larger datasets, and empirical SDN evaluations.
Introduction
The study addresses cybersecurity challenges posed by botnet-based Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) environments. While SDN enhances network control through centralization, it also introduces vulnerabilities that botnets exploit to overwhelm the control plane, causing severe disruptions. Traditional security methods struggle to detect these dynamic attacks due to high false positives and slow responses.
To overcome this, the research proposes an intelligent security framework combining a Convolutional Neural Network (CNN)-based real-time anomaly detection model with a graph theory-based dynamic flow management algorithm for mitigation. The CNN model effectively identifies evolving attack patterns with high accuracy, while the graph-based algorithm reroutes malicious traffic to maintain network performance with minimal disruption.
The system was validated using CICIDS 2017, Bot-IoT, and custom datasets, achieving 98.2% detection accuracy and maintaining 85% network performance during attacks. Compared to traditional machine learning models like KNN, SVM, and Random Forest, the CNN-based approach demonstrated superior scalability, efficiency, and accuracy.
The study also reviewed related works employing machine learning and deep learning for DDoS detection in SDN, highlighting various detection and mitigation techniques. The proposed system’s architecture continuously monitors traffic, extracts features, detects botnet activity via CNN, and dynamically mitigates attacks using shortest-path graph algorithms, all implemented in an SDN simulation environment.
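The page does not give the details of the flow management algorithm. The following added example (not the paper's code) shows one plausible form of shortest-path-based mitigation: links on paths carrying flows that the detector flagged receive a cost penalty, and a benign flow is re-pathed with Dijkstra. The topology, penalty value, and function names are assumptions made for illustration.

```python
import heapq

# Constructed topology (not from the paper): switch -> {neighbor: base link cost}.
TOPOLOGY = {
    "s1": {"s2": 1, "s3": 2},
    "s2": {"s1": 1, "s4": 1},
    "s3": {"s1": 2, "s4": 2},
    "s4": {"s2": 1, "s3": 2},
}

def link_costs(topology, flagged_flows, penalty=10):
    """Copy the topology and raise the cost of every link on a flagged flow's path."""
    costs = {u: dict(nbrs) for u, nbrs in topology.items()}
    for path in flagged_flows:
        for u, v in zip(path, path[1:]):
            costs[u][v] += penalty
            costs[v][u] += penalty
    return costs

def shortest_path(costs, src, dst):
    """Dijkstra. Returns (total_cost, path), or (inf, []) if dst is unreachable."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist.get(u, float("inf")):
            continue  # stale heap entry
        for v, w in costs[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return float("inf"), []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]

def reroute_benign(topology, flagged_flows, src, dst):
    """Return the benign flow's path before and after penalizing attacked links."""
    before = shortest_path(topology, src, dst)[1]
    after = shortest_path(link_costs(topology, flagged_flows), src, dst)[1]
    return before, after
```

In an SDN controller the resulting path would be translated into flow-table updates on the affected switches; that step is outside this sketch.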
Performance evaluations showed that the proposed CNN system outperforms other models in accuracy, precision, recall, and F1-score, while minimizing latency and packet loss and preserving network throughput. The adaptive learning approach ensures resilience against evolving cyber threats, making it a robust solution for securing SDN networks against botnet-based DDoS attacks.
Conclusion
The proposed botnet detection and mitigation framework for SDN combines deep learning-based anomaly detection with graph theory-based traffic management to provide high accuracy with minimal service disruption. Experimental results demonstrate that the CNN-based model performs better than conventional methods such as KNN, SVM, and Random Forest in terms of accuracy, precision, recall, and F1-score. The system's dynamic flow management and ongoing model updates improve its resilience against changing botnet attacks. Future work can focus on incorporating federated learning for distributed training, using hybrid deep learning architectures such as CNN-LSTM to enhance detection accuracy, and using reinforcement learning for adaptive real-time mitigation. Moreover, improving scalability for large-scale enterprise and cloud environments and extending security analysis across multiple network layers can further enhance its robustness. These enhancements will make the framework a more comprehensive and robust solution for protecting SDN environments against advanced botnet-based cyber threats.