The high costs generated by attacks and the growing number and variety of devices on the Internet of Things (IoT) strengthen the case for early detection of botnets (i.e., networks of infected devices) as a way to gain an advantage over attacks. However, early botnet detection is a challenging task given continuous malware mutation, increasing sophistication, and massive data volumes. In a nutshell, the literature addresses botnets by modeling the behavior of malware spread, classifying malicious traffic, and analyzing traffic anomalies.
The ANTE system adapts itself to different scenarios and learns how to detect different types of botnets during its execution. Hence, the ANTE system autonomously selects the most appropriate ML pipeline for each type of botnet and improves correct classification before an attack actually begins.