DOI: https://doi.org/10.32515/2664-262X.2025.11(42).2.63-69
Processing Critical Information in Corporate Networks Based on a Combined Approach of a DLP System with a Botnet Detection System
About the Authors
Oleksandr Huralnyk, PhD student in Computer Engineering, Khmelnytskyi National University, Khmelnytskyi, Ukraine, ORCID: https://orcid.org/0009-0009-1175-8726, e-mail: gurualexua@gmail.com
Oleg Savenko, Professor, Doctor of Technical Sciences, Professor of the Department of Computer Engineering and Information Systems, Khmelnytskyi National University, Khmelnytskyi, Ukraine, ORCID: https://orcid.org/0000-0002-4104-745X, e-mail: savenko_oleg_st@ukr.net
Abstract
This paper aims to develop a multi-layered cyber defense concept that combines content-aware data loss prevention and botnet detection. The goal is to provide full visibility into critical data flows in corporate networks, block leakage channels in real time, and maintain an acceptably low false positive rate. To achieve this goal, we synthesize a hybrid monitoring-detection-response-protection architecture and verify its performance in a controlled laboratory environment.
The study produced an architecture of six logical nodes. The end station is both a source and a consumer of data: users generate files and network sessions on it. The installed DLP agent classified documents by confidentiality level, recorded user actions, and raised events about a possible leak. The deployed botnet sensor promptly detected the characteristic anomalies in the traffic. Both event streams were consolidated in a single incident console, where they were enriched with user, device, and data-class context. The policy engine then assessed the risk against adaptive thresholds and decided whether to block, encrypt, or log. The response engine carried out this decision: it instructed the agent to block or encrypt the files and, at the same time, installed network rules that cut the botnet channel. After performing the actions, the system returned a confirmation to the console, closing a complete audit cycle.
The integrated solution correctly processed 97.8% of malicious events while keeping false positives at 2.2%. The median detection time stayed below 0.8 seconds, and critical data was fully contained within 1.3 seconds of the attack. The results confirm that correlating botnet behavior with data-classification context sharply reduces noise and speeds up response. By integrating modern DLP platforms with other cybersecurity tools, an organization significantly reduces the likelihood of leakage and preserves the resilience of its information resources amid growing digital threats.
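The following is an added example, not code from the paper or its authors, that sketches the console, policy-engine and response-engine stages described in the abstract: DLP and botnet events from the same host are consolidated into one incident, scored with a risk function that rewards the co-occurrence of a sensitive data class and botnet-like traffic, compared against a per-user adaptive threshold, and turned into an agent action plus a network rule. The event schema, the data-class weights, the scoring formula, the thresholds and the sample events are all assumptions made for illustration; the paper's own classes, thresholds and timings are not reproduced here.

```python
"""Added illustration of a correlate-assess-respond loop for DLP + botnet events.
All field names, weights, thresholds and sample events are constructed assumptions."""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Optional

# Assumed risk weight per data class (the paper's own classes are not given).
CLASS_WEIGHT = {"public": 0.0, "internal": 0.3, "confidential": 0.7, "restricted": 1.0}


@dataclass
class Event:
    source: str                  # "dlp" (agent) or "botnet" (sensor)
    host: str
    user: str
    ts: float                    # seconds
    data_class: str = "public"   # used by DLP events
    anomaly_score: float = 0.0   # used by botnet events, 0..1


@dataclass
class Incident:
    host: str
    user: str
    dlp: List[Event] = field(default_factory=list)
    botnet: List[Event] = field(default_factory=list)


def consolidate(events: List[Event], window: float = 5.0) -> List[Incident]:
    """Console stage: merge events raised on one host within `window` seconds."""
    incidents: List[Incident] = []
    for ev in sorted(events, key=lambda e: e.ts):
        for inc in incidents:
            last = max(e.ts for e in inc.dlp + inc.botnet)
            if inc.host == ev.host and ev.ts - last <= window:
                (inc.dlp if ev.source == "dlp" else inc.botnet).append(ev)
                break
        else:
            inc = Incident(host=ev.host, user=ev.user)
            (inc.dlp if ev.source == "dlp" else inc.botnet).append(ev)
            incidents.append(inc)
    return incidents


def risk_score(inc: Incident) -> float:
    """Policy-engine scoring: most sensitive class involved, amplified when the
    same host also shows botnet-like traffic (the correlation term)."""
    data = max((CLASS_WEIGHT.get(e.data_class, 0.0) for e in inc.dlp), default=0.0)
    net = max((e.anomaly_score for e in inc.botnet), default=0.0)
    return min(1.0, 0.5 * data + 0.2 * net + 0.6 * data * net)


def adaptive_threshold(history: List[float], floor: float = 0.5) -> float:
    """Per-user blocking threshold: recent risk baseline plus two standard
    deviations, never below `floor`, so habitually noisy users earn a higher bar."""
    if len(history) < 2:
        return floor
    return max(floor, mean(history) + 2 * pstdev(history))


def decide(inc: Incident, history: Dict[str, List[float]]) -> str:
    risk = risk_score(inc)
    block_at = adaptive_threshold(history.get(inc.user, []))
    if risk >= block_at:
        return "block"
    if risk >= block_at / 2:
        return "encrypt"
    return "log"


def respond(inc: Incident, decision: str) -> Dict[str, object]:
    """Response stage: agent action, plus an egress rule when a botnet channel is
    present; the returned record is the confirmation sent back to the console."""
    actions = []
    if decision in ("block", "encrypt"):
        actions.append(f"agent:{decision}:{inc.host}")
    if inc.botnet and decision == "block":
        actions.append(f"network:drop-egress:{inc.host}")
    return {"host": inc.host, "user": inc.user, "decision": decision,
            "actions": actions, "risk": round(risk_score(inc), 3)}


def process(events: List[Event],
            history: Optional[Dict[str, List[float]]] = None) -> List[Dict[str, object]]:
    history = history or {}
    return [respond(inc, decide(inc, history)) for inc in consolidate(events)]


# Constructed sample events: only ws-alice shows both signals on one host.
SAMPLE_EVENTS = [
    Event("dlp", "ws-alice", "alice", 10.0, data_class="confidential"),
    Event("botnet", "ws-alice", "alice", 10.4, anomaly_score=0.9),
    Event("dlp", "ws-bob", "bob", 20.0, data_class="public"),
    Event("dlp", "ws-carol", "carol", 30.0, data_class="confidential"),
    Event("botnet", "ws-dave", "dave", 40.0, anomaly_score=0.9),
]

if __name__ == "__main__":
    for record in process(SAMPLE_EVENTS):
        print(record)
```

Run on the constructed events, the host with a confidential document and a simultaneous traffic anomaly is blocked and its egress cut, the confidential document without network corroboration is only encrypted, and a traffic anomaly on a host handling public data is merely logged, which is the noise reduction the abstract attributes to correlating the two sources.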
Keywords
botnet, DLP, data exfiltration, critical information, corporate networks
Copyright (c) 2025 Oleksandr Huralnyk, Oleg Savenko