On the use of machine learning for identifying botnet network traffic

“…Botnet detection method based on features [3,4] , according to the characteristics of communication data, the attack data stream can be quickly detected, but it is helpless to the attack with unknown features. Because the communication data stream of botnet is scarce, how to extract features is also a difficult problem.…”

Section: Related Workmentioning

confidence: 99%

Parameter Identification of an MEMS Vibratory Gyroscope with Hyperstability Theory

Wang¹,

Huang²,

Xu³

2017

dtetr

View full text Add to dashboard Cite

Abstract. Botnets communicate with legal protocols, it is difficult to directly capture botnet packets in the context of large traffic, high-speed network. Therefore, this paper analyzed the data stream to judge the botnets' activities. First of all, we set mirror port in the network core equipment to view the network data flow information, through the capture tool we could get and format data packet relevant information. Secondly, for the data flow of different unit time, different survival rates could be obtained by life table analysis. Mantel-COX analysis was then used to test the survival rates. Because botnets must inform all bots before launching attack, we could detect the presence of abnormal condition before a cyber attack taken place.

show abstract

“…1,2 A botnet is a coordinated group of infected bots that receive orders from an attacker (ie, botmaster), via various command and control (C&C) channels. [5][6][7] One of the main challenges in such systems is making a proper decision for new and unseen events. 4 In the last few years, a number of methods have been proposed to detect different types of botnets.…”

Section: Introductionmentioning

confidence: 99%

A self‐learning stream classifier for flow‐based botnet detection

Gelian

Mashayekhi

2019

Int J Communication

View full text Add to dashboard Cite

Botnets have been recently recognized as one of the most formidable threats on the Internet. Different approaches have been designed to detect these types of attacks. However, as botnets evolve their behavior to mislead the signaturebased detection systems, learning-based methods may be deployed to provide a generalization capacity in identifying unknown botnets. Developing an adaptable botnet detection system, which incrementally evolves with the incoming flow stream, remains as a challenge. In this paper, a self-learning botnet detection system is proposed, which uses an adaptable classification model. The system uses an ensemble classifier and, in order to enhance its generalization capacity, updates its model continuously on receiving new unlabeled traffic flows. The system is evaluated with a comprehensive data set, which contains a wide variety of botnets. The experiments demonstrate that the proposed system can successfully adapt in a dynamic environment where new botnet types are observed during the system operation. We also compare the system performance with other methods.

show abstract

On the use of machine learning for identifying botnet network traffic

Cited by 43 publications

References 37 publications

Botnets and Methods of Their Detection

Botnets and Methods of Their Detection

Parameter Identification of an MEMS Vibratory Gyroscope with Hyperstability Theory

A self‐learning stream classifier for flow‐based botnet detection

Contact Info

Product

Resources

About