Title :
Architecture for Applying Data Mining and Visualization on Network Flow for Botnet Traffic Detection
Author :
Shahrestani, Alireza ; Feily, Maryam ; Ahmad, Rodina ; Ramadass, Sureswaran
Author_Institution :
Fac. of Comput. Sci. & Inf. Technol., Univ. of Malaya (UM), Kuala Lumpur, Malaysia
Abstract :
Botnets are among the most recent tools used in cyber-crime, including distributed denial of service attacks, phishing, spamming, and spying on remote computers. Today, governments, businesses, and individuals face catastrophic damage caused by attackers operating malicious botnets, and combating this emerging threat is a major challenge for the cyber-security research community. Current network intrusion detection methods based on anomaly detection suffer from a fairly high error rate and low performance. The proposed flow-based botnet detection system tackles these issues by combining data mining and visualization. The anomalous data is passed to several trust models, and the flows are re-evaluated to obtain their trustworthiness, which is then aggregated to detect malicious traffic via visualization. The visualized information is then analyzed by human intellectual and conceptual ability to gain useful knowledge about botnet activities for further precaution and validation.
Keywords :
computer crime; data mining; data visualisation; error statistics; unsolicited e-mail; botnet traffic detection; cyber-security; cybercrime; data mining; data visualization; distributed denial of service attacks; error rate; malicious botnets; network flow; network intrusion detection methods; phishing; spamming; Computer architecture; Computer crime; Computer hacking; Computer security; Data mining; Data visualization; Distributed computing; Government; Intrusion detection; Telecommunication traffic; Botnet; Botnet Detection; Data Mining; Visualization;
Conference_Title :
Computer Technology and Development, 2009. ICCTD '09. International Conference on
Conference_Location :
Kota Kinabalu
Print_ISBN :
978-0-7695-3892-1
DOI :
10.1109/ICCTD.2009.82