Fortifying Botnet Classification based on Venn-Abers Prediction
Abstract
Botnets are one of the most significant threats to the Internet, so many botnet detection approaches based on machine learning techniques have been proposed. However, botnets evolve more and more rapidly, and over 70% of malware created today uses one or more evasion techniques to avoid detection. Consequently, botnet detection models based on a static threshold face the challenge of concept drift. In this paper, we introduce the Venn-Abers algorithm into the detection model to mitigate the concept drift problem. We selected KNN and KDE as scoring classifiers to build a Venn-Abers predictor. The experiments show that each prediction comes with a probability interval, output by the Venn-Abers predictor, that accurately indicates the quality of the prediction. A drop in prediction quality is a signature of concept drift even when the prediction result is correct.
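The following sketch is an added illustration, not code from the paper: it builds an inductive Venn-Abers predictor on top of a KNN scoring classifier and shows the probability interval widening for a sample that lies between the benign and bot clusters, even though its KNN score still says "bot". The one-feature data set, the function names, k=3 and the choice of the inductive variant are all assumptions made for the example.

```python
# Constructed data: one feature per host (e.g. mean seconds between flows);
# label 0 = benign, 1 = bot. All values and names here are illustrative.
TRAIN = [(1.0, 0), (1.2, 0), (1.4, 0), (1.6, 0), (1.8, 0),
         (8.0, 1), (8.2, 1), (8.4, 1), (8.6, 1), (8.8, 1)]
CALIB = [(1.1, 0), (1.3, 0), (1.5, 0), (1.7, 0),
         (8.1, 1), (8.3, 1), (8.5, 1), (8.7, 1)]

def knn_score(x, k=3):
    """Scoring classifier: fraction of the k nearest training hosts that are bots."""
    nearest = sorted(TRAIN, key=lambda p: abs(p[0] - x))[:k]
    return sum(label for _, label in nearest) / k

def isotonic_fit(points):
    """Pool-adjacent-violators fit; returns blocks [max_score, label_sum, count]."""
    groups = {}
    for s, y in points:                      # tied scores share one fitted value
        t, n = groups.get(s, (0, 0))
        groups[s] = (t + y, n + 1)
    blocks = []
    for s in sorted(groups):
        blocks.append([s, *groups[s]])
        # Merge while the previous block's mean exceeds the newest block's mean
        # (compared by cross-multiplication to stay in exact integers).
        while len(blocks) > 1 and \
                blocks[-2][1] * blocks[-1][2] > blocks[-1][1] * blocks[-2][2]:
            hi, t, n = blocks.pop()
            blocks[-1] = [hi, blocks[-1][1] + t, blocks[-1][2] + n]
    return blocks

def venn_abers(x):
    """Return (score, p0, p1): the KNN score and the probability interval for 'bot'."""
    s = knn_score(x)
    cal = [(knn_score(cx), cy) for cx, cy in CALIB]
    probs = []
    for y in (0, 1):                         # try the test host with each label
        blocks = isotonic_fit(cal + [(s, y)])
        _, t, n = next(b for b in blocks if b[0] >= s)
        probs.append(t / n)
    return s, probs[0], probs[1]

if __name__ == "__main__":
    for name, x in [("benign-like", 1.25), ("bot-like", 8.35), ("drifted bot", 4.95)]:
        s, p0, p1 = venn_abers(x)
        print(f"{name:12s} score={s:.2f} interval=[{p0:.2f}, {p1:.2f}] width={p1 - p0:.2f}")
```

The width p1 - p0 is the quantity to monitor: it stays small where calibration data is dense and grows for hosts whose scores fall where the calibration set has no support.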
Keywords
Malware detection, Machine learning, Venn-Abers prediction, Concept drift
DOI
10.12783/dtcse/cst2017/12576