Botnet Traffic Detection Techniques by C&C Session Classification Using SVM
Authors
Abstract
Bots, which are new malicious programs, are hard to detect with signature-based pattern-matching techniques. In this research, we focused on a function unique to bots: the remote control channel (C&C session). We clarified that the C&C session has unique characteristics that come from the behavior of bot programs. Accordingly, we propose an alternative technique to identify computers compromised by a bot program, based on classifying the C&C session from traffic data using a machine learning algorithm, the support vector machine (SVM). Our evaluation resulted in 95% accuracy in identifying the C&C session using SVM. We also evaluated that the packet histogram vector of the session is better than the other vector definitions for the classification of the bot C&C session.
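The abstract's "packet histogram vector of the session" is a per-session feature vector that counts packets by size bin and is then handed to the SVM. The following added example (not the paper's code) builds such vectors from constructed packet records and serializes them in the sparse libsvm text format; the session key, bin edges and proportional normalization are assumptions, since the paper does not publish its exact definition.

```python
from collections import defaultdict

# Constructed sample traffic: (src_ip, dst_ip, dst_port, payload_len).
# Session A mimics a chatty low-volume control channel, session B a bulk transfer.
PACKETS = [
    ("10.0.0.5", "203.0.113.7", 6667, 40),
    ("10.0.0.5", "203.0.113.7", 6667, 48),
    ("10.0.0.5", "203.0.113.7", 6667, 52),
    ("10.0.0.5", "203.0.113.7", 6667, 60),
    ("10.0.0.5", "203.0.113.7", 6667, 70),
    ("10.0.0.8", "198.51.100.3", 443, 1460),
    ("10.0.0.8", "198.51.100.3", 443, 1460),
    ("10.0.0.8", "198.51.100.3", 443, 300),
    ("10.0.0.8", "198.51.100.3", 443, 90),
]

# Assumed payload-size bin edges in bytes; the paper's binning is not given.
BIN_EDGES = (0, 64, 128, 256, 512, 1024, 1500)


def bin_index(length, edges=BIN_EDGES):
    """Map a payload length to its histogram bin; sizes at or above the last edge share the top bin."""
    for i in range(len(edges) - 1):
        if edges[i] <= length < edges[i + 1]:
            return i
    return len(edges) - 2


def packet_histogram_vectors(packets, edges=BIN_EDGES):
    """Return {session_key: proportion-per-bin vector}; the session key is assumed to be (src, dst, dport).

    Proportions rather than raw counts keep the vector comparable across sessions of different lengths.
    """
    counts = defaultdict(lambda: [0] * (len(edges) - 1))
    for src, dst, dport, plen in packets:
        counts[(src, dst, dport)][bin_index(plen, edges)] += 1
    return {key: [c / sum(vec) for c in vec] for key, vec in counts.items()}


def to_libsvm_line(label, vector):
    """Serialize one labelled vector as a sparse libsvm row (1-based indices, zero bins omitted)."""
    feats = " ".join(f"{i + 1}:{v:g}" for i, v in enumerate(vector) if v)
    return f"{label} {feats}"


if __name__ == "__main__":
    for key, vec in packet_histogram_vectors(PACKETS).items():
        print(key, to_libsvm_line(1 if key[2] == 6667 else -1, vec))
```

The labels in the usage block are constructed for illustration; in practice they come from ground truth about which sessions are known C&C traffic.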
Similar sources
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
A Survey on Botnet Architectures, Detection and Defences
Botnets are known to be one of the most serious Internet security threats. In this survey, we review botnet architectures and their controlling mechanisms. Botnet infection behavior is explained. Then, known botnet models are outlined to study botnet design. Furthermore, Fast-Flux Service Networks (FFSN) are discussed in great detail as they play an important role in facilitating botnet traffi...
Adoption of a Fuzzy Based Classification Model for P2P Botnet Detection
Botnet threat has increased enormously with the adoption of newer technologies like rootkits, anti-antivirus modules, etc. by the hackers. The emergence of botnets having a distributed C & C structure that mimics P2P technologically has made their detection and dismantling extremely difficult. However, numeric flow feature values of P2P botnet C & C traffic can be used to generate a fuzzy rule-set which can t...
Salting Public Traces with Attack Traffic to Test Flow Classifiers
We consider the problem of using flow-level data for detection of botnet command and control (C&C) activity. We find that current approaches do not consider timing-based calibration of the C&C traffic traces prior to using this traffic to salt a background traffic trace. Thus, timing-based features of the C&C traffic may be artificially distinctive, potentially leading to (unrealistically) optim...
CABD: A Content Agnostic Botnet Detection System
A botnet is a network of compromised hosts controlled by a single entity, called the botmaster. These compromised hosts can be utilized for malicious activities such as Distributed Denial of Service (DDoS) attacks, SPAM, and information extraction such as the extraction of user authentication credentials via key-logging, each of which nets profits to the botmaster. Research in the detection of botnets is ex...