3.1 Identifying Bot Masters Based On Ensemble Learning Classifiers
The proposed robust analyzer, based on network forensics, processes the vast amount of data that is collected, stored and analyzed to ascertain how an attack was carried out or how an event occurred in a network, and to ensure overall integrity. Since network traffic information is volatile and dynamic, this work proposes an agglomerative-divisive based web usage mining step, which classifies different types of attributes in network traffic (access time, destination IP address, port number, type of protocol used, inter-arrival time, frequently requested data, packet length, number of requests, sender MAC address, destination MAC address and sending time) based on spatial and temporal data. This prevents helpful data in unlabeled samples from being missed, and it does not require the number of clusters to be specified in advance. Subsequently, the clustered data are fed to web structural mining based on a WAP-tree (Web Access Pattern tree), which groups the network traffic information by topology; the compromised nodes connected to the botmaster change this topology once they have completed their task. The preprocessed network traffic information is then subjected to the robust key identifier, which decrypts the network traffic.
Finally, in order to nab the botmaster, the decoded network traffic information is given to the ensemble learner based on random forest algorithms. This learner has the capacity to explore assaults by tracing the attack back to its source and finding the nature of the attacker (an individual, a host or a network), as well as predicting future assaults with elevated precision by correlating attack patterns with prior traffic data records.
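The clustering step described above can be illustrated with the following added example, which is not code from this work. It shows only the bottom-up (agglomerative) half of the hybrid, stopping on a distance threshold so that no cluster count is given in advance. The average linkage, the min-max scaling, the 0.25 threshold, the function names and the flow records are all assumptions constructed for illustration.

```python
import math
from itertools import combinations

# Constructed sample flow records (not real traffic); the fields follow the
# attributes listed in the section. Addresses are documentation ranges.
FLOWS = [
    {"dst_ip": "198.51.100.7", "port": 6667, "inter_arrival": 30.0, "packet_len": 96, "requests": 120},
    {"dst_ip": "198.51.100.7", "port": 6667, "inter_arrival": 30.2, "packet_len": 98, "requests": 118},
    {"dst_ip": "198.51.100.7", "port": 6667, "inter_arrival": 29.9, "packet_len": 95, "requests": 121},
    {"dst_ip": "203.0.113.20", "port": 443, "inter_arrival": 0.4, "packet_len": 1400, "requests": 15},
    {"dst_ip": "203.0.113.21", "port": 443, "inter_arrival": 0.6, "packet_len": 1350, "requests": 12},
    {"dst_ip": "192.0.2.53", "port": 53, "inter_arrival": 5.0, "packet_len": 70, "requests": 40},
]
FEATURES = ("inter_arrival", "packet_len", "requests")  # numeric attributes used


def normalise(flows):
    """Min-max scale each numeric feature to [0, 1] so no unit dominates."""
    cols = {f: [r[f] for r in flows] for f in FEATURES}
    span = {f: (min(v), (max(v) - min(v)) or 1.0) for f, v in cols.items()}
    return [[(r[f] - span[f][0]) / span[f][1] for f in FEATURES] for r in flows]


def avg_linkage(a, b, pts):
    """Mean pairwise Euclidean distance between two clusters of row indices."""
    return sum(math.dist(pts[i], pts[j]) for i in a for j in b) / (len(a) * len(b))


def cluster_flows(flows, threshold=0.25):
    """Merge the closest clusters until the closest pair exceeds the threshold.

    The number of clusters is an output of the run, not an input.
    """
    pts = normalise(flows)
    clusters = [[i] for i in range(len(flows))]
    while len(clusters) > 1:
        a, b = min(combinations(clusters, 2),
                   key=lambda p: avg_linkage(p[0], p[1], pts))
        if avg_linkage(a, b, pts) > threshold:
            break  # remaining groups are too dissimilar to merge
        clusters.remove(a)
        clusters.remove(b)
        clusters.append(sorted(a + b))
    return sorted(clusters)


if __name__ == "__main__":
    for group in cluster_flows(FLOWS):
        print(group, sorted({FLOWS[i]["dst_ip"] for i in group}))
```

On the constructed records, the three periodic, small-packet flows to one destination form their own group, which is the kind of regular pattern an analyst would pass on to the later stages for review.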