Detection of Botnet Using Flow Analysis and Clustering Algorithm

Full Text (PDF, 648KB), PP.34-40


Author(s)

Prachi 1,*, Sherya 1, Shruti 1, Vanshika 1

1. The NorthCap University, Gurugram, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2019.05.04

Received: 13 Feb. 2019 / Revised: 1 Mar. 2019 / Accepted: 21 Mar. 2019 / Published: 8 May 2019

Index Terms

Botnet, Flow Analysis, Machine Learning, Network Traffic, Clustering, Detection

Abstract

With the growth of digital data on the internet, computers are at higher risk of being compromised through cyber-attacks. Criminals are adopting increasingly sophisticated techniques to steal sensitive information from the web. The botnet is one of the most aggressive threats because it combines many advanced malicious techniques. Botnet detection is therefore one of the most serious concerns and a prominent research area. This paper proposes a detection model that uses a clustering algorithm to group bot traffic and normal traffic into two different clusters. Our contribution focuses on applying the K-means clustering algorithm to detect botnets and evaluating it by its detection rate (true and false positives). Experimental results clearly demonstrate that, with the help of clustering, we were able to separate the complete dataset into two entirely distinguishable clusters, one representing the botnet traffic and the other representing the normal traffic.
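As an added illustration of the approach the abstract describes (this is not code from the paper), the following stand-alone K-means run clusters constructed per-flow records into two groups, names each cluster by its majority label, and reports the true- and false-positive rates. The three flow features, the sample values and the log-scaling step are assumptions made for the example, not the paper's own feature set or dataset.

```python
import math
from collections import Counter

# Constructed sample flows (not from the paper's dataset):
# (duration_s, packets, bytes, true_label). Labels are used only for evaluation.
FLOWS = [
    (0.1, 2, 120, "bot"), (0.2, 3, 180, "bot"), (0.2, 3, 200, "bot"), (0.2, 2, 150, "bot"),
    (0.3, 4, 240, "bot"), (0.3, 4, 260, "bot"), (0.4, 5, 300, "bot"), (0.5, 6, 360, "bot"),
    (0.6, 4, 400, "normal"),  # short lookup-like flow: bot-shaped, expected false positive
    (7, 20, 8000, "normal"), (8, 25, 9000, "normal"), (12, 40, 18000, "normal"),
    (15, 55, 22000, "normal"), (20, 70, 30000, "normal"), (25, 90, 40000, "normal"),
    (30, 120, 60000, "normal"), (45, 200, 85000, "normal"),
]

def scale(rows):
    """log1p then min-max per feature, so heavy-tailed byte counts do not dominate."""
    logged = [[math.log1p(v) for v in r] for r in rows]
    cols = list(zip(*logged))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)] for r in logged]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans2(points, max_iter=100):
    """Lloyd's algorithm with k=2, seeded with the two most distant points (deterministic)."""
    a, b = max(((p, q) for p in points for q in points), key=lambda pq: dist(*pq))
    centroids, assign = [a, b], None
    for _ in range(max_iter):
        new_assign = [min((0, 1), key=lambda j: dist(p, centroids[j])) for p in points]
        if new_assign == assign:  # assignments stable: converged
            break
        assign = new_assign
        for j in (0, 1):
            members = [p for p, c in zip(points, assign) if c == j]
            if members:
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return assign

def detection_rates(assign, labels):
    """Name each cluster by its majority label, then score the result as a bot detector."""
    majority = {j: Counter(l for c, l in zip(assign, labels) if c == j).most_common(1)[0][0]
                for j in set(assign)}
    pred = [majority[c] for c in assign]
    tp = sum(p == l == "bot" for p, l in zip(pred, labels))
    fn = sum(p == "normal" and l == "bot" for p, l in zip(pred, labels))
    fp = sum(p == "bot" and l == "normal" for p, l in zip(pred, labels))
    tn = sum(p == l == "normal" for p, l in zip(pred, labels))
    return {"tp": tp, "fn": fn, "fp": fp, "tn": tn, "tpr": tp / (tp + fn), "fpr": fp / (fp + tn)}

def run_detection(flows=FLOWS):
    assign = kmeans2(scale([f[:3] for f in flows]))
    return detection_rates(assign, [f[3] for f in flows])

if __name__ == "__main__":
    print(run_detection())
```

The one short "normal" flow lands in the bot cluster, which is the kind of false positive the detection-rate evaluation is meant to surface.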

Cite This Paper

Prachi, Sherya, Shruti, Vanshika, "Detection of Botnet Using Flow Analysis and Clustering Algorithm", International Journal of Modern Education and Computer Science (IJMECS), Vol. 11, No. 5, pp. 34-40, 2019. DOI: 10.5815/ijmecs.2019.05.04
