Conference record number:
4058
Paper title:
Utilizing Features of Aggregated Flows to Identify Botnet Network Traffic
Authors:
Heydari Banafsheh, b.heydari@ut.ac.ir, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Yajam Habib, habib.yajam@ut.ac.ir, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Akhaee Mohammad Ali, akhaee@ut.ac.ir, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Salehkalaibar Sadaf, s.saleh@ut.ac.ir, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Keywords:
Botnet Detection, Machine Learning, Traffic Classification, Network Behaviour
Conference title:
14th International Conference of the Iranian Society of Cryptology
Persian abstract:
Botnets are known to be one of the most serious threats to the security of the Internet and the future
of cyberspace. To fight against the formidable force of these
cyber-criminal tools, numerous research works appeared in the
literature that studied detection of Botnets. One of the most
promising approaches is network-based detection using machine-learning tools. These methods can possibly provide detection of
new unobserved bots. Most of these methods conventionally use
features directly extracted from network flows to detect infected
nodes. In our study, we propose the utilization of features that
are extracted from a set of network flows in a fixed-length time
interval. We argue that such features could better model the
behavior of a botnet, thus, providing higher detection rates and
lower false alarms. Also in the study, the significant potential of
our method in bot detection is demonstrated by providing results
of multiple experiments and comparisons with similar methods.