Title :
Discovery of Invariant Bot Behavior through Visual Network Monitoring System
Author :
Shahrestani, Alireza ; Feily, Maryam ; Ahmad, Rodina ; Ramadass, Sureswaran
Abstract :
Botnets are emerging as the most significant threat to online ecosystems and computing assets because of their enormous volume and sheer power, and combating them is a major challenge for the cyber-security research community. Most useful approaches to botnet traffic detection are based on passive network traffic monitoring and analysis. However, typical network traffic generates a huge amount of data for analysis, and the poor user interfaces of existing tools lead to under-utilization of the captured data and make no use of human analytical capability. The proposed visual network monitoring system tackles these issues by adopting suitable visualization techniques. These techniques increase the visibility of network traffic associated with invariant bot behaviors and notify the analyst of the presence of bots without overwhelming the user with large volumes of data. Visually illustrating typical bot behavior improves the botnet traffic detection process by engaging human perceptual capabilities. The approach gives security personnel a visual security tool for mitigating botnet threats by discovering invariant botnet behaviors while a botnet is still in its benign (pre-attack) state, targeting small to medium-sized networks. Moreover, the system's user-friendly interface is interactive, flexible, and easy to use.
Keywords :
data visualisation; security of data; user interfaces; botnet traffic detection; cyber-security research community; invariant botnet behavior discovery; passive network traffic; user interface; visual network monitoring system; visual security tool; visualization techniques; Data visualization; Humans; Monitoring; Personnel; Security; Servers; Visualization; Bot Behavior; Botnet; Visualization;
Conference_Title :
Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on
Conference_Location :
Venice
Print_ISBN :
978-1-4244-7517-9
Electronic_ISBN :
978-0-7695-4095-5
DOI :
10.1109/SECURWARE.2010.37