Authors: B. Gomathy, S. V. Riyaayini, K. R. Krishnaprabha, T. Ritanya, A. Kaviyavalli
Keywords: Botnet Detection, DDoS, Hydra, Hping, Metasploit, Slowloris, LightGBM, DBSCAN, K-Best Selection, Traffic Neutralization, Explainable AI, SHapley Additive exPlanations.
Abstract
Botnets continue to be one of the biggest cybersecurity risks since they provide a platform for a number of unlawful operations. The growing sophistication and stealth of contemporary botnet networks, which frequently elude conventional detection tools, make it difficult to identify botnets even with the availability of several detection approaches. A hybrid approach that analyzes both host-based activity and network traffic is suggested for detecting and neutralizing botnets. Tools such as Hping, Metasploit, Slowloris, and Hydra have been used to create a comprehensive dataset that blends both botnet and legitimate traffic, which helps to detect unusual activity. For efficient botnet traffic detection, the method uses a combination of the Gradient Boosting Algorithm (LightGBM) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) in an ensemble model after thorough feature extraction. Once botnet traffic has been detected, a traffic neutralization technique stops the source IPs from trying to reach the destination. Explainable AI (XAI) techniques are incorporated to enhance interpretability and transparency, providing graphical visualisation and in-depth explanations of the identified botnet activity. A comparison study of some of the models, including Random Forest, Logistic Regression, Support Vector Machine, LightGBM, and DBSCAN individually, revealed that LightGBM combined with DBSCAN worked best with an accuracy of 95.6%. Furthermore, the ensemble model performed better than individual models by having 96% recall, 96% precision, and 96% F1 score. This comprehensive and uncomplicated method gives a strong and efficient botnet detection and neutralization solution, complementing current cybersecurity measures.
B. Gomathy1,2, S. V. Riyaayini1,3,
K. R. Krishnaprabha1,4, T. Ritanya1,5,
A. Kaviyavalli1,6
1 PSG Institute of Technology and Applied Research
Avinashi Road, Neelambur, Coimbatore, Tamil Nadu 641062
2 ORCID: https://orcid.org/0000-0002-0418-2150
3 ORCID: https://orcid.org/0009-0002-1433-8830
4 ORCID: https://orcid.org/0009-0004-1155-8373
5 ORCID: https://orcid.org/0009-0004-2084-4857
6 ORCID: https://orcid.org/0009-0008-7791-4798
DOI
https://doi.org/10.56415/csjm.v33.18