SB-Net is cybersecurity software designed to detect and classify botnet attacks in internet traffic. It applies an ensemble feature selection approach that integrates multiple techniques with rank aggregation to systematically identify the most relevant traffic features. The selected feature set is then processed by a two-stage cascade learner classification model that categorizes the traffic into three distinct classes. The first stage separates normal traffic from general botnet traffic, while the second stage further categorizes the identified botnet traffic into spam and non-spam botnet classes. Experimental evaluations demonstrate that the framework achieves optimal performance when a Random Forest model is applied across both stages. Averaged across all testing scenarios, the software achieved an outstanding macro-average precision of 99.81%, a recall of 99.78%, an F1-score of 99.79%, and an F2-score of 99.79%. Through this robust framework, SB-Net effectively distinguishes granular types of malicious traffic from normal activity, demonstrating its strong potential for practical implementation in real-world cybersecurity systems.
Thandya et al. (Sat,) studied this question.
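The pipeline shape described in the abstract (rank aggregation over several feature selectors, a two-stage cascade, macro-averaged F2) can be sketched as follows. This is an added example, not SB-Net's code: Borda count is an assumed aggregation method, the feature names, rankings and flows are constructed, and simple threshold rules stand in for the Random Forest models at each stage.

```python
# Added illustration, stdlib only. Feature names, rankings, flows and the
# threshold rules are constructed; the rules stand in for trained models.
from collections import defaultdict

def borda_aggregate(rankings, top_k):
    """Merge per-selector rankings (best feature first) by Borda count."""
    score = defaultdict(int)
    for ranking in rankings:
        for pos, feat in enumerate(ranking):
            score[feat] += len(ranking) - pos
    return sorted(score, key=lambda f: (-score[f], f))[:top_k]

def cascade_predict(flow, is_botnet, is_spam):
    """Stage 1: normal vs botnet. Stage 2 runs only on flows stage 1 flags."""
    if not is_botnet(flow):
        return "normal"
    return "spam_botnet" if is_spam(flow) else "nonspam_botnet"

def macro_fbeta(y_true, y_pred, beta=2.0):
    """Unweighted mean of per-class F-beta (beta=2 weights recall higher)."""
    b2, total = beta * beta, 0.0
    labels = sorted(set(y_true) | set(y_pred))
    pairs = list(zip(y_true, y_pred))
    for c in labels:
        tp = sum(t == c and p == c for t, p in pairs)
        fp = sum(t != c and p == c for t, p in pairs)
        fn = sum(t == c and p != c for t, p in pairs)
        denom = (1 + b2) * tp + b2 * fn + fp
        total += (1 + b2) * tp / denom if denom else 0.0
    return total / len(labels)

RANKINGS = [  # constructed output of three hypothetical selectors
    ["pkts_per_s", "smtp_ratio", "dst_port_entropy", "duration", "bytes"],
    ["smtp_ratio", "pkts_per_s", "bytes", "dst_port_entropy", "duration"],
    ["dst_port_entropy", "smtp_ratio", "pkts_per_s", "duration", "bytes"],
]
FLOWS = [  # constructed (features, true label) pairs
    ({"smtp_ratio": 0.0, "pkts_per_s": 12, "dst_port_entropy": 0.8}, "normal"),
    ({"smtp_ratio": 0.9, "pkts_per_s": 450, "dst_port_entropy": 1.1}, "spam_botnet"),
    ({"smtp_ratio": 0.0, "pkts_per_s": 300, "dst_port_entropy": 4.2}, "nonspam_botnet"),
    ({"smtp_ratio": 0.8, "pkts_per_s": 40, "dst_port_entropy": 0.5}, "spam_botnet"),
    ({"smtp_ratio": 0.1, "pkts_per_s": 20, "dst_port_entropy": 1.0}, "normal"),
]

def run_demo():
    selected = borda_aggregate(RANKINGS, top_k=3)
    stage1 = lambda f: f["pkts_per_s"] > 100 or f["dst_port_entropy"] > 3.0
    stage2 = lambda f: f["smtp_ratio"] > 0.5
    y_true = [label for _, label in FLOWS]
    y_pred = [cascade_predict({k: f[k] for k in selected}, stage1, stage2)
              for f, _ in FLOWS]
    return selected, y_pred, macro_fbeta(y_true, y_pred)
```

The fourth constructed flow is a low-rate spam bot that stage 1 passes as normal, so stage 2 never sees it: in a cascade, first-stage false negatives cap the recall of every downstream class.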