Peer to Peer Botnet Detection Based on Flow Intervals [chapter]

David Zhao, Issa Traore, Ali Ghorbani, Bassam Sayed, Sherif Saad, Wei Lu
2012 IFIP Advances in Information and Communication Technology  
Botnets are becoming the predominant threat on the Internet today and is the primary vector for carrying out attacks against organizations and individuals. Botnets have been used in a variety of cybercrime, from click-fraud to DDOS attacks to the generation of spam. In this paper we propose an approach to detect botnet activity by classifying network traffic behavior using machine learning classification techniques. We study the feasibility of detecting botnet activity without having seen a
more » ... lete network flow by classifying behavior based on time intervals and we examine the performance of two popular classification techniques with respect to this data. Using existing datasets, we show experimentally that it is possible to identify the presence of botnet activity with high accuracy even with very small time windows, though there are some limitations to the approach based on the selection of attributes.
doi:10.1007/978-3-642-30436-1_8 fatcat:puuzvflvcrg7bke67o3wwlw3sa