Research Article
The Lightweight Botnet Detection Model Based on the Improved UNet
@INPROCEEDINGS{10.1007/978-3-031-36574-4_14, author={Chengjie Li and Yunchun Zhang and Zixuan Li and Fan Feng and Zikun Liao and Xiaohui Cui}, title={The Lightweight Botnet Detection Model Based on the Improved UNet}, proceedings={Digital Forensics and Cyber Crime. 13th EAI International Conference, ICDF2C 2022, Boston, MA, November 16-18, 2022, Proceedings}, proceedings_a={ICDF2C}, year={2023}, month={7}, keywords={Botnet detection Convolutional neural networks One-dimensional convolution UNet}, doi={10.1007/978-3-031-36574-4_14} }- Chengjie Li
Yunchun Zhang
Zixuan Li
Fan Feng
Zikun Liao
Xiaohui Cui
Year: 2023
The Lightweight Botnet Detection Model Based on the Improved UNet
ICDF2C
Springer
DOI: 10.1007/978-3-031-36574-4_14
Abstract
Botnet detection tasks in many network devices require deployment of a large number of detection models. Deep learning-based Botnet detection models are big and resource-intensive. Besides, the UNet is primarily used for two-dimensional inputs but with higher complexity. This paper presents a One-Dimensional UNet (1D-UNet) based on one-dimensional feature vectors generated to design a lightweight detection engine. Second, we propose a One-Dimensional Lightweight UNet (1DL-UNet) by combining the 1D-UNet with depthwise separable convolution to reduce the model’s complexity. Finally, we reduce the number of packets for Botnet detection based on our observation that the first packet with an effective payload in a network session plays the most important role in detection. The experiments show that the 1DL-UNet outperforms other models with 99.66% accuracy and is 12 times smaller than one-dimensional MobileNet. Meanwhile, the designed 1DL-UNet is 4 times smaller than the 1D-UNet. Furthermore, it is observed that 4 packets are enough to achieve satisfactory Botnet detection while only 1 packet with effective payload is possible with 99.26% accuracy in the 1DL-UNet.
