Learning Model Generalisation for Bot Detection.

Efficient bot detection is a crucial security matter, widely explored in the past years. The current literature reaches very high detection rates with few false positives. However, such systems usually rely on a fastidious and difficult labelling process as well as a time-consuming training step, to be fit for the target network. We want to overcome these boundaries by using only one labelled dataset and using it directly on other networks with different characteristics and attacks. In this paper, we develop an algorithm to efficiently detect botnets, able to transfer the learning performed on a given network by exploiting this knowledge to detect bots on other networks with different characteristics. Two variants of our solution were developed, depending on the similarity between the training and test networks. We validated our solution on real production environments from RoEduNet as well as the CTU-13 dataset.