International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 6, December 2023, pp. 6827~6835
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i6.pp6827-6835
Journal homepage: http://ijece.iaescore.com

Performance evaluation of botnet detection using machine learning techniques

Sneha Padhiar, Ritesh Patel
U and P U. Patel Department of Computer Engineering, CHARUSAT University, Gujarat, India

Article Info

Article history:
Received Feb 3, 2023
Revised Jul 11, 2023
Accepted Jul 17, 2023

ABSTRACT

Cybersecurity is seriously threatened by botnets, which are controlled networks of compromised computers. The evolving techniques used by botnet operators make it difficult for traditional methods of botnet identification to keep up. Machine learning has become increasingly effective in recent years as a means of identifying and reducing these hazards. The CTU-13 dataset, a frequently used dataset in the field of cybersecurity, is used in this study to offer a machine learning-based method for botnet detection. The suggested methodology makes use of CTU-13, which is made up of actual network traffic data recorded in a network environment that had been attacked by a botnet. The dataset is used to train a variety of machine learning algorithms to categorize network traffic as botnet-related or benign, including decision tree, regression model, naïve Bayes, and neural network model. We employ a number of criteria, such as accuracy, precision, and sensitivity, to measure how well each model performs in categorizing both known and unidentified botnet traffic patterns. Experimental results show that the machine learning-based approach detects botnets accurately. Its potential for real-world use is demonstrated by the suggested system's high detection rates and low false positive rates.
Keywords:
Command and control (C and C server)
CTU-13
Machine learning
Performance evaluation
Traffic detection

This is an open access article under the CC BY-SA license.

Corresponding Author:
Sneha Padhiar
U and P U. Patel Department of Computer Engineering, CHARUSAT University
Gujarat-388421, India
Email: snehapadhiar.ce@charusat.ac.in

1. INTRODUCTION

An ever-changing threat scenario is accompanied by an increasing complexity in internet architecture. Hackers seek to discover ways to take advantage of weaknesses that may occur in a range of contexts, including devices, data, applications, people, and places. Botnets are a serious concern. There are three components of a botnet: the botmaster, the infected machine, and the administrative server (C and C server). It takes two steps for a botnet to communicate: first, a botmaster sends instructions to the botnet via a remote link or directly to the bots. As a result, the controlled bots are able to carry out malicious actions after receiving malicious commands [1].

The threat of botnets compromising the fundamental principles of confidentiality, integrity, and availability is becoming increasingly clear as botnets pose an increasing threat to network security. It is especially important to note that botnets can be used to launch distributed denial of service (DDoS) attacks, which have a negative impact on the availability and performance of a network [2].

In general, botnet detection is done from two different angles: host-based and network-based. An abnormal use of computation resources can be identified using the first technique. As an example, it monitors abnormally high central processing unit (CPU) usage and memory consumption. An analysis of the bot’s