Conference record number
4058
Article title
Utilizing Features of Aggregated Flows to Identify Botnet Network Traffic
Authors
Heydari Banafsheh (b.heydari@ut.ac.ir), School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Yajam Habib (habib.yajam@ut.ac.ir), School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Akhaee Mohammad Ali (akhaee@ut.ac.ir), School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Salehkalaibar Sadaf (s.saleh@ut.ac.ir), School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Number of pages
6
Keywords
Botnet Detection, Machine Learning, Traffic Classification, Network Behaviour
Publication year
1396
Conference title
14th International Conference of the Iranian Society of Cryptology
Document language
English
Persian abstract
Botnets are known to be one of the most serious threats to the security of the Internet and the future of cyberspace. To fight against the formidable force of these cyber-criminal tools, numerous research works appeared in the literature that studied detection of Botnets. One of the most promising approaches is network-based detection using machine-learning tools. These methods can possibly provide detection of new unobserved bots. Most of these methods conventionally use features directly extracted from network flows to detect infected nodes. In our study, we propose the utilization of features that are extracted from a set of network flows in a fixed-length time interval. We argue that such features could better model the behavior of a botnet, thus, providing higher detection rates and lower false alarms. Also in the study, the significant potential of our method in bot detection is demonstrated by providing results of multiple experiments and comparisons with similar methods.
Country
Iran