DocumentCode
1969338
Title
Online IRC botnet detection using a SOINN classifier
Author
Carpine, Francesco ; Mazzariello, Claudio ; Sansone, Carlo
Author_Institution
Ancitel Spa, Naples, Italy
fYear
2013
fDate
9-13 June 2013
Firstpage
1351
Lastpage
1356
Abstract
IRC botnets have been rapidly growing in number, in infected network hosts, and, most of all, in the size of the damage caused. Hence, there is a need for a real-time detection solution that is as accurate as possible; the earlier a botnet is discovered, the smaller its potential impact will be. In order to tackle these issues, our approach to IRC botnet detection considers both the online context and the time consumption problem. In particular, we use both statistical and digram-based features to build a two-class behavioral model. Then, we set up a fast detection engine based on an unsupervised incremental learning method. Several tests performed on real data (botnet and non-botnet IRC channels) revealed the effectiveness of the entire proposed solution.
Keywords
Internet; computer network security; neural nets; statistical analysis; unsupervised learning; SOINN classifier; detection engine; digrams-based feature; infected network host; online IRC botnet detection; real-time detection solution; self-organizing incremental neural network; statistical feature; time consumption problem; two-class behavioral model; unsupervised incremental learning; Accuracy; Context; Engines; Protocols; Servers; Support vector machines; Training;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications Workshops (ICC), 2013 IEEE International Conference on
Conference_Location
Budapest
Type
conf
DOI
10.1109/ICCW.2013.6649447
Filename
6649447