Botnet Detection on CTU-13 Using Lightweight Machine Learning Models

Computer Science > Cryptography and Security [Submitted on 21 May 2026] Botnet Detection on CTU-13 Using Lightweight Machine Learning Models Subhash Gurappa, Yashas Hariprasad, Sundararaj Sitharama Iyengar, Naveen Kumar Chaudhary Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service (DDoS). While deep learning approaches have recently been applied to botnet detection, they are computationally intensive and often lack interpretability. We present a comparative study of lightweight machine learning models including Logistic Regression, Decision Tree, and Random Forest on the CTU-13 dataset, a benchmark for botnet traffic analysis. We extract interpretable flow-based features and evaluate each model on detection accuracy, precision, recall, F1 score, and feature importance. Results demonstrate that lightweight models can achieve competitive detection performance with minimal computational cost, while also offering interpretability critical for forensic investigation. On CTU-13, our Random Forest achieves a PR-AUC of approximately 0.54 and ROC-AUC of 0.97 while training over 90% faster than published CNN baselines. These results demonstrate that lightweight models can match or exceed deep-learning performance under natural class imbalance while maintaining interpretability and low computational cost. Comments: 4th International Conference on Information Security, Privacy and Digital Forensics (ICISPD), 2025 Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2605.23004 [cs.CR]   (or arXiv:2605.23004v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2605.23004 Focus to learn more Submission history From: Subhash Gurappa [view email] [v1] Thu, 21 May 2026 20:16:14 UTC (573 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-05 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)