3.1 Identifying Bot Masters Based On Ensemble Learning Classifiers
The proposed robust analyzer is based on network forensics and processes
the vast amount of data that is collected, stored and analyzed to
ascertain how an attack was carried out or how an event occurred in a
network, and to ensure overall integrity. Since network traffic
information is volatile and dynamic, this work proposes an
agglomerative-divisive based web usage mining step, which classifies
different types of attributes in network traffic, such as access time,
destination IP address, port number, type of protocol used,
inter-arrival time, frequently requested data, packet length, number of
requests, sender MAC address, destination MAC address and sending time,
based on spatial and temporal data. This prevents helpful data from
unlabeled samples being missed and does not require the number of
clusters to be specified in advance. Subsequently, the clustered data
are fed to the web structural mining step based on the WAP-tree (Web
Access Pattern tree), which groups the network traffic information by
topology: the compromised nodes are connected to the botmaster and
change the topology once they have completed their task. The
preprocessed network traffic information is then passed to the robust
key identifier, which decrypts the network traffic.
Finally, in order to catch the botmaster, the decoded network traffic
information is given to the ensemble learner based on random forest
algorithms, which can investigate attacks by tracing them back to the
source and determining the nature of the attacker (an individual, a
host or a network), and can predict future attacks with high precision
by correlating attack patterns with prior traffic data records.
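
The clustering step above groups traffic without a preset number of clusters. The sketch below is an added illustration, not the authors' implementation: it shows only the agglomerative half, using average linkage and a distance cut in place of a cluster count. The host addresses, the three attributes chosen, the sample values and the `cut` threshold are all constructed assumptions.

```python
import math

# Constructed sample: host -> (inter-arrival time in s, packet length in bytes,
# number of requests per minute). Not data from the paper.
FLOWS = {
    "10.0.0.5":  (30.0, 120, 2),
    "10.0.0.9":  (30.2, 118, 2),
    "10.0.0.17": (29.9, 121, 2),
    "10.0.0.21": (0.4, 1400, 55),
    "10.0.0.33": (0.6, 1380, 60),
    "10.0.0.40": (5.0, 600, 12),
}

def normalise(rows):
    """Min-max scale every attribute to [0, 1] so no single unit dominates."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0
                  for v, l, h in zip(r, lo, hi)) for r in rows]

def agglomerate(flows, cut=0.25):
    """Merge the two closest clusters until the closest pair is farther apart
    than `cut` (assumed threshold); the cluster count falls out of the data."""
    hosts = list(flows)
    pts = dict(zip(hosts, normalise([flows[h] for h in hosts])))
    clusters = [[h] for h in hosts]

    def linkage(a, b):
        # Average linkage: mean pairwise Euclidean distance between members.
        return sum(math.dist(pts[x], pts[y]) for x in a for y in b) / (len(a) * len(b))

    while len(clusters) > 1:
        d, i, j = min((linkage(clusters[i], clusters[j]), i, j)
                      for i in range(len(clusters))
                      for j in range(i + 1, len(clusters)))
        if d > cut:
            break  # remaining groups are behaviourally distinct
        clusters[i] = clusters[i] + clusters[j]
        del clusters[j]
    return sorted(sorted(c) for c in clusters)

if __name__ == "__main__":
    for group in agglomerate(FLOWS):
        print(group)
```

On the constructed sample, the three hosts with near-identical timing and packet size end up in one group, the two high-volume hosts in another, and the remaining host stays alone.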