Botnet Detection by Network Behavior Analysis

Mr. Yogesh Sharma, Maharaja Agrasen Institute of Technology; Nipun Agrawal, Maharaja Agrasen Institute of Technology

Keywords: Bot, Bot-master, Botnet, P2P, Flows, Feature Vector

One of the most likely threats to data available over a network is a botnet attack, which can cause a significant amount of data loss. A botnet attack is a type of malicious attack that uses a set of connected computers to attack or take down a network, network device, website or IT environment. The attack can slow down the network or server, keeping it busy enough that legitimate users are unable to access it, or temporarily freeze the server. Distributed denial of service (DDoS) is a common example of a botnet attack, in which a number of botnet devices send a large number of simultaneous requests or packets to the targeted system. In this paper we collected data sets (i.e. packets travelling in a network) from various sources and merged them to obtain a larger set comprising both benign and malicious traffic. The packets are then analysed to obtain TCP/UDP-based flows. Features are then computed for every identified flow and listed in a feature vector table. We further attempted to parallelize the feature computation using the Hadoop MapReduce framework. The feature vector table can then be used to train a classifier that separates malicious traffic from benign traffic.
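The pipeline the abstract describes (packets grouped into TCP/UDP flows, one feature vector per flow, computed in a map/reduce shape) can be illustrated with a small in-process sketch. The code below is an added example and is not the paper's code or its Hadoop job: the packet record layout, the bidirectional 5-tuple keying, the particular feature set and the constructed sample packets are all assumptions of this example, and the shuffle between map and reduce is simulated with a dictionary rather than run on a cluster.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed packet record (fields one would pull from a pcap with a parser).
@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str     # "TCP" or "UDP"
    length: int    # bytes on the wire

# Column order of the feature vector table (assumed feature set for this example).
FEATURE_COLUMNS = ["n_packets", "n_bytes", "duration", "mean_pkt_size",
                   "std_pkt_size", "mean_iat", "fwd_ratio", "small_pkt_ratio"]

def flow_key(pkt):
    """Bidirectional 5-tuple: sort the two endpoints so that request and
    reply packets of the same conversation land in the same flow."""
    a = (pkt.src, pkt.sport)
    b = (pkt.dst, pkt.dport)
    if a > b:
        a, b = b, a
    return (pkt.proto, a[0], a[1], b[0], b[1])

def map_packet(pkt):
    """Map phase: emit (flow_key, (timestamp, length, is_forward))."""
    key = flow_key(pkt)
    forward = (pkt.src, pkt.sport) == (key[1], key[2])
    return key, (pkt.ts, pkt.length, forward)

def reduce_flow(key, records):
    """Reduce phase: aggregate all packets of one flow into its feature vector."""
    records = sorted(records)                 # order by timestamp
    ts = [r[0] for r in records]
    sizes = [r[1] for r in records]
    n = len(records)
    iat = [later - earlier for earlier, later in zip(ts, ts[1:])]
    return {
        "proto": key[0],
        "n_packets": n,
        "n_bytes": sum(sizes),
        "duration": ts[-1] - ts[0],
        "mean_pkt_size": mean(sizes),
        "std_pkt_size": pstdev(sizes),
        "mean_iat": mean(iat) if iat else 0.0,          # beacon-like flows have low variance here
        "fwd_ratio": sum(1 for r in records if r[2]) / n,
        "small_pkt_ratio": sum(1 for s in sizes if s <= 100) / n,
    }

def build_feature_table(packets):
    """Driver: map every packet, group by flow key (the simulated shuffle),
    then reduce each group. Returns {flow_key: feature_dict}."""
    shuffle = defaultdict(list)
    for pkt in packets:
        key, value = map_packet(pkt)
        shuffle[key].append(value)
    return {key: reduce_flow(key, values) for key, values in shuffle.items()}

def feature_rows(table):
    """Flatten the table into rows in FEATURE_COLUMNS order, ready for a classifier."""
    return [[feats[col] for col in FEATURE_COLUMNS] for feats in table.values()]

# Constructed sample traffic (documentation-range addresses, not real captures):
# one short HTTP-like TCP exchange and one periodic small-packet UDP stream.
SAMPLE_PACKETS = [
    Packet(0.0, "10.0.0.5", 40000, "203.0.113.10", 80, "TCP", 60),
    Packet(0.1, "203.0.113.10", 80, "10.0.0.5", 40000, "TCP", 60),
    Packet(0.2, "10.0.0.5", 40000, "203.0.113.10", 80, "TCP", 1500),
    Packet(0.5, "203.0.113.10", 80, "10.0.0.5", 40000, "TCP", 1500),
    Packet(0.0, "10.0.0.7", 5555, "198.51.100.9", 5555, "UDP", 80),
    Packet(2.0, "10.0.0.7", 5555, "198.51.100.9", 5555, "UDP", 80),
    Packet(4.0, "10.0.0.7", 5555, "198.51.100.9", 5555, "UDP", 80),
    Packet(6.0, "10.0.0.7", 5555, "198.51.100.9", 5555, "UDP", 80),
    Packet(8.0, "10.0.0.7", 5555, "198.51.100.9", 5555, "UDP", 80),
]

if __name__ == "__main__":
    table = build_feature_table(SAMPLE_PACKETS)
    print(FEATURE_COLUMNS)
    for key, row in zip(table, feature_rows(table)):
        print(key, row)
```

Each reducer call sees only the packets of one flow, which is what makes the computation embarrassingly parallel: on a real MapReduce deployment `map_packet` would run over pcap splits and `reduce_flow` over the shuffled groups. The feature rows are what a classifier would be trained on; the timing and size features are the ones that tend to separate periodic, uniform command-and-control style traffic from ordinary client sessions.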
Paper ID: GRDJEV02I110005
Published in: Volume : 2, Issue : 11
Publication Date: 2017-11-01
Page(s): 34 - 40