Botnet Detection using Clustering Algorithms

نویسندگان

  • Francisco Villegas Alejandre
  • Nareli Cruz Cortés
  • Eleazar Aguirre Anaya
چکیده

In this paper, some clustering techniques are analyzed to compare their ability to detect botnet traffic by selecting features that distinguish connections belonging to or not belonging to a botnet. By considering the history of network’s connections, some clustering algorithms are used to derive a set of rules to decide which should be considered as a botnet. Our main contribution is to evaluate different clustering techniques to detect botnets based on their detection rate (true and false positives). The algorithms used are K-medoids and K-means clustering. Datasets used in this paper were extracted from the repositories ISOT and ISCX. Results on K-medoids were better for almost all the experiments than K-means.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

BotOnus: an online unsupervised method for Botnet detection

Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...

متن کامل

A Survey of Botnet Detection Techniques by Command and Control Infrastructure

Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting p...

متن کامل

BOTNET Detection Approach by DNS Behavior and Clustering Analysis

Botnets are one of the most serious threats to internet security. A botnet is a network of computers on internet which are under the influence of a malware code, oblivious to the owner of that computer and sends out transmissions (virus or spam) to other computers on internet. Botnet can be utilized for DoS attacks, phishing, spamming and many other fraudulent activities. Therefore, it is impor...

متن کامل

Botnet Detection Through Fine Flow Classification

The prevalence of botnets, which is defined as a group of infected machines, have become the predominant factor among all the internet malicious attacks such as DDoS, Spam, and Click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...

متن کامل

BotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle

Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Research in Computing Science

دوره 118  شماره 

صفحات  -

تاریخ انتشار 2016