Compares botnet detection methods by computing the error metrics by reading the labels on a NetFlow file. The original NetFlow should have a new column for the ground-truth label, and a new column with the prediction label for each botnet detection method.
This program computes all the error metrics (TPR, TNR, FPR, FNR, Precision, Accuracy, ErrorRate, FMeasure1, FMeasure2, FMeasure0.5) and output the comparison results. It also ouputs a png plot.
The program can compare in a flow-by-flow basis, or it can apply our new botnet detection error metrics, that is time-based, detects IP addresses instead of flows and it is weighted to favor sooner detections. See the paper for more details.
Be the first to post a review of Botnet Detectors Comparer!