Peer to Peer Botnet Detection Based on Flow Intervals

Abstract: Botnets are becoming the predominant threat on the Internet today and are the primary vector for carrying out attacks against organizations and individuals. Botnets have been used in a variety of cybercrime, from click-fraud to DDoS attacks to the generation of spam. In this paper we propose an approach to detect botnet activity by classifying network traffic behavior using machine learning classification techniques. We study the feasibility of detecting botnet activity without having seen a complete network flow by classifying behavior based on time intervals, and we examine the performance of two popular classification techniques with respect to this data. Using existing datasets, we show experimentally that it is possible to identify the presence of botnet activity with high accuracy even with very small time windows, though there are some limitations to the approach based on the selection of attributes.
Document type:
Conference paper
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.87-102, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_8〉
https://hal.inria.fr/hal-01518229
Contributor: Hal Ifip <>
Submitted on: Thursday 4 May 2017 - 13:45:25
Last modified on: Thursday 4 May 2017 - 14:53:54
Long-term archiving on: Saturday 5 August 2017 - 13:17:00

File

978-3-642-30436-1_8_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

David Zhao, Issa Traore, Ali Ghorbani, Bassam Sayed, Sherif Saad, et al. Peer to Peer Botnet Detection Based on Flow Intervals. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.87-102, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_8〉. 〈hal-01518229〉

Metrics

Record views: 90
File downloads: 98