Identifying malicious botnet traffic using logistic regression

Rohan Bapat, Abhijith Mandya, Xinyang Liu, Brendan Abraham, Donald E. Brown, Hyojung Kang, Malathi Veeraraghavan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

An important source of cyber-attacks is malware, which proliferates in different forms such as botnets. Botnet malware typically looks for vulnerable devices across the Internet rather than targeting specific individuals, companies or industries. It attempts to infect as many connected devices as possible and uses their resources for automated tasks that may cause significant economic and social harm while remaining hidden from the user and the device, which makes such activity very difficult to detect. A considerable amount of research has been conducted on detecting and preventing botnet infestation. In this paper, we attempt to create a foundation for an anomaly-based intrusion detection system using a statistical learning method, to improve network security and reduce human involvement in botnet detection. We focus on identifying the best features for detecting botnet activity within network traffic using a lightweight logistic regression model. The network traffic is processed by Bro, a popular network monitoring framework that provides aggregate statistics about the packets exchanged between a source and a destination over a certain time interval. These statistics serve as the features of a logistic regression model that classifies traffic as malicious or benign. Our model is easy to implement and simple to interpret. We characterized and modeled 8 different botnet families, both separately and as a mixed dataset. Finally, we measured the performance of our model using F1 score, accuracy and Area Under Curve (AUC).
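The pipeline the abstract describes, as an added example in plain Python that is not the paper's code: connection records in the layout of a Bro conn.log are aggregated per source/destination pair, the aggregates become the features of a logistic regression trained by gradient descent, and the fit is scored by accuracy and F1. The log lines, the labels, the choice of aggregate features, the learning rate and the epoch count are all constructed assumptions for illustration.

```python
import math

# Constructed sample in the layout of a Bro conn.log (tab-separated, keeping only a
# subset of Bro's conn.log columns); not data from the paper.
CONN_LOG = """ts\tid.orig_h\tid.resp_h\tduration\torig_bytes\tresp_bytes
1.0\t10.0.0.5\t93.184.216.34\t12.5\t4200\t31000
2.0\t10.0.0.5\t93.184.216.34\t8.1\t3900\t25000
3.0\t10.0.0.7\t198.51.100.9\t0.02\t60\t0
3.5\t10.0.0.7\t198.51.100.9\t0.02\t60\t0
4.0\t10.0.0.7\t198.51.100.9\t0.03\t62\t0
5.0\t10.0.0.9\t203.0.113.4\t30.0\t12000\t90000
6.0\t10.0.0.11\t198.51.100.9\t0.01\t58\t0
6.2\t10.0.0.11\t198.51.100.9\t0.01\t58\t0"""
# Constructed labels per (source, destination) pair: 1 = botnet, 0 = benign.
LABELS = {("10.0.0.7", "198.51.100.9"): 1, ("10.0.0.11", "198.51.100.9"): 1,
          ("10.0.0.5", "93.184.216.34"): 0, ("10.0.0.9", "203.0.113.4"): 0}

def flow_features(text):  # parse the log, then aggregate per (source, destination) pair:
    lines = text.strip().split("\n")  # log1p of count, mean duration, mean bytes out/back
    rows = [dict(zip(lines[0].split("\t"), l.split("\t"))) for l in lines[1:]]
    groups = {}
    for r in rows:
        groups.setdefault((r["id.orig_h"], r["id.resp_h"]), []).append(
            [float(r[c]) for c in ("duration", "orig_bytes", "resp_bytes")])
    return {k: [math.log1p(len(v))] + [math.log1p(sum(c[i] for c in v) / len(v))
                                        for i in range(3)] for k, v in groups.items()}

def standardize(X):  # z-score each column so gradient descent converges quickly
    cols = list(zip(*X))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0 for c, m in zip(cols, mu)]
    return [[(v - m) / s for v, m, s in zip(x, mu, sd)] for x in X]

def train_logreg(X, y, lr=0.5, epochs=2000):  # batch gradient descent on the logistic loss
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, t in zip(X, y):
            err = 1 / (1 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b))) - t
            gw, gb = [g + err * xi / len(X) for g, xi in zip(gw, x)], gb + err / len(X)
        w, b = [wi - lr * g for wi, g in zip(w, gw)], b - lr * gb
    return w, b

def evaluate(X, y, w, b):  # accuracy and F1 score at a 0.5 probability threshold
    pred = [int(sum(wi * xi for wi, xi in zip(w, x)) + b > 0) for x in X]
    tp, fp, fn = (sum(p == a and t == c for p, t in zip(pred, y)) for a, c in ((1, 1), (1, 0), (0, 1)))
    f1 = 2 * tp / (2 * tp + fp + fn) if tp else 0.0
    return sum(p == t for p, t in zip(pred, y)) / len(y), f1

def run():  # (accuracy, f1) of the model on the constructed flows
    feats = flow_features(CONN_LOG)
    X, y = standardize(list(feats.values())), [LABELS[k] for k in feats]
    return evaluate(X, y, *train_logreg(X, y))
```

On real traffic the scores must come from a held-out split of flows, not the training flows scored here, and the byte and duration aggregates should be computed over the paper's fixed time window rather than over the whole log.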

Original language: English (US)
Title of host publication: 2018 Systems and Information Engineering Design Symposium, SIEDS 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 266-271
Number of pages: 6
ISBN (Electronic): 9781538663431
DOIs
State: Published - Jun 6 2018
Externally published: Yes
Event: 2018 Systems and Information Engineering Design Symposium, SIEDS 2018 - Charlottesville, United States
Duration: Apr 27 2018 → …

Publication series

Name: 2018 Systems and Information Engineering Design Symposium, SIEDS 2018

Conference

Conference: 2018 Systems and Information Engineering Design Symposium, SIEDS 2018
Country/Territory: United States
City: Charlottesville
Period: 4/27/18 → …

Keywords

  • Botnet Detection
  • Cyber Security
  • Logistic Regression
  • Machine Learning

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems
  • Information Systems and Management
  • Control and Systems Engineering
