DocumentCode :
247148
Title :
Encrypted Botnet Detection Scheme
Author :
Wang Ying
Author_Institution :
Inf. Security Center, Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2014
fDate :
8-10 Nov. 2014
Firstpage :
559
Lastpage :
565
Abstract :
Botnets have started using information obfuscation techniques, including encryption, to evade detection. In order to detect encrypted botnet traffic, in this paper we treat the detection of encrypted botnet traffic among normal network traffic as a traffic classification problem. After analyzing the features of encrypted botnet traffic, we propose a novel meta-level classification algorithm based on content features and flow features of traffic. The content features consist of information entropy and byte frequency distribution, and the flow features consist of port number, payload length and protocol type of the application layer. Then we use Naive Bayes classification algorithms to detect botnet traffic. The related experiment shows that our method has a good detection effect.
Keywords :
Bayes methods; cryptography; entropy; pattern classification; Naive Bayes classification algorithms; application layer; botnet traffic detection; byte frequency distribution; encrypted botnet detection scheme; encrypted botnet traffic; encryption; flow features; information entropy; information obfuscation techniques; meta-level classification algorithm; payload length; port number; protocol type; traffic classification problem; Encryption; Entropy; Feature extraction; Payloads; Ports (Computers); Protocols; botnet encrypted traffic detect;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on
Conference_Location :
Guangdong
Type :
conf
DOI :
10.1109/3PGCIC.2014.110
Filename :
7024646