BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows

Abstract : Botnets are one of the most dangerous and serious cybersecurity threats since they are a major vector of large-scale attack campaigns such as phishing, distributed denial-of-service (DDoS) attacks, trojans, spams, etc. A large body of research has been accomplished on botnet detection, but recent security incidents show that there are still several challenges remaining to be addressed, such as the ability to develop detectors which can cope with new types of botnets. In this paper, we propose BotGM, a new approach to detect botnet activities based on behavioral analysis of network traffic flow. BotGM identifies network traffic behavior using graph-based mining techniques to detect botnets behaviors and model the dependencies among flows to trace-back the root causes then. We applied BotGM on a publicly available large dataset of Botnet network flows, where it detects various botnet behaviors with a high accuracy without any prior knowledge of them.
Document type :
Conference papers
Complete list of metadatas

Cited literature [29 references]  Display  Hide  Download

https://hal.inria.fr/hal-01636480
Contributor : Jérôme François <>
Submitted on : Thursday, November 16, 2017 - 4:03:10 PM
Last modification on : Thursday, February 7, 2019 - 4:52:13 PM
Long-term archiving on : Saturday, February 17, 2018 - 4:36:56 PM

File

botgm-csnet.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01636480, version 1

Citation

Sofiane Lagraa, Jerome Francois, Abdelkader Lahmadi, Marine Miner, Christian Hammerschmidt, et al.. BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows. CSNet 2017 - 1st Cyber Security in Networking Conference, Oct 2017, Rio de Janeiro, Brazil. ⟨hal-01636480⟩

Share

Metrics

Record views

483

Files downloads

746