Peer to Peer Botnet Detection Based on Flow Intervals - Archive ouverte HAL Access content directly
Conference Papers Year : 2012

Peer to Peer Botnet Detection Based on Flow Intervals

(1) , (1) , (2) , (1) , (1) , (3)
Ali Ghorbani
  • Function : Author
  • PersonId : 1007477
Wei Lu
  • Function : Author
  • PersonId : 1007480


Botnets are becoming the predominant threat on the Internet today and is the primary vector for carrying out attacks against organizations and individuals. Botnets have been used in a variety of cybercrime, from click-fraud to DDOS attacks to the generation of spam. In this paper we propose an approach to detect botnet activity by classifying network traffic behavior using machine learning classification techniques. We study the feasibility of detecting botnet activity without having seen a complete network flow by classifying behavior based on time intervals and we examine the performance of two popular classification techniques with respect to this data. Using existing datasets, we show experimentally that it is possible to identify the presence of botnet activity with high accuracy even with very small time windows, though there are some limitations to the approach based on the selection of attributes.
Fichier principal
Vignette du fichier
978-3-642-30436-1_8_Chapter.pdf (660.29 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-01518229 , version 1 (04-05-2017)


Attribution - CC BY 4.0



David Zhao, Issa Traore, Ali Ghorbani, Bassam Sayed, Sherif Saad, et al.. Peer to Peer Botnet Detection Based on Flow Intervals. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.87-102, ⟨10.1007/978-3-642-30436-1_8⟩. ⟨hal-01518229⟩
74 View
146 Download



Gmail Facebook Twitter LinkedIn More