Article code: 453932
Journal code: 695074
Publication year: 2016
English article: 11-page PDF
Full-text version: free download
English title of the ISI article
Botnet detection via mining of traffic flow characteristics
Title translated from Persian
Botnet detection through extraction of traffic flow features
Related topics
Engineering and basic sciences, Computer engineering, Computer networks and communications
English abstract


• A new traffic flow behavior analysis method has been proposed to detect botnets irrespective of their control structures.
• Benchmark datasets were collected from various sources, such as the ISOT Botnet dataset from University of Victoria, the Conficker dataset from CAIDA, a dataset from CVUT University, a dataset from Dalhousie University and a dataset from Centro University.
• It can successfully detect the various types of botnets with a high detection rate and a low false positive rate.

A botnet is one of the most serious threats to cyber security as it provides a distributed platform for several illegal activities. Regardless of the availability of numerous methods proposed to detect botnets, it is still a challenging issue as botmasters are continuously improving bots to make them stealthier and evade detection. Most of the existing detection techniques cannot detect modern botnets in an early stage, or they are specific to command and control protocols and structures. In this paper, we propose a novel approach to detect botnets irrespective of their structures, based on network traffic flow behavior analysis and machine learning techniques. The experimental evaluation of the proposed method with real-world benchmark datasets shows the efficiency of the method. Also, the system is able to identify new botnets with high detection accuracy and a low false positive rate.


Publisher
Database: Elsevier - ScienceDirect
Journal: Computers & Electrical Engineering - Volume 50, February 2016, Pages 91–101