The effects of feature selection on the classification of encrypted botnet

Many applications today are using an encrypted channel to secure their communication and transactions. Though, their security is often challenged by adversaries such as Botnet. Botnet leverages the encrypted channel to launch attacks and amplify the impact of attacks. The numbers of Botnet attacks over an encrypted channel are increasing and continue to cause a great loss of money. This study proposes an encrypted Botnet detection technique based on packet header analysis. This technique does not require deep packet inspection and intense traffic analysis. However, the proposed technique requires the analysis of the features taken from the packet header, which are essential for detection. The study endeavors to show that features selected can significantly affect the classification of encrypted Botnet. Therefore, in this paper, the researchers focus on the effects of feature selection on the classification of encrypted Botnet. The researchers use different classification mode (full training and 10-fold cross-validation) mainly by using seven features (7-features) and three features (3-features). Seven features are the number of features extracted from the packet header, and after the feature selection, only three features out of the seven features have weight (value). Therefore, the three features are the most significant features from the seven features that have been extracted. Generally, the result shows that classification with three most significant features provides higher true positive compared to the 7-features classification. Different machine learning algorithms have been used for the classification. Relatively, the results show that the True Positives are higher for 3-features classification than 7-features classification.