Title :
Data-Adaptive Clustering Analysis for Online Botnet Detection
Author :
Yu, Xiaocong ; Dong, Xiaomei ; Yu, Ge ; Qin, Yuhai ; Yue, Dejun
Author_Institution :
Coll. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China
Abstract :
Botnets have attracted a great deal of attention, since botnet-based attacks are becoming one of the most serious threats on the Internet. Many approaches have been proposed to detect the presence of botnets. However, most of them focus on offline detection by tracking historical network traffic, which is not suitable for fast detection in the current environment. In this paper, we propose a new technique that can detect botnet activities in an online fashion. We transform raw network traffic flows into “multi-dimensional feature streams”, adopt a sliding window to retain the continuous network traffic, and select correlation analysis as the similarity measurement. A novel data-adaptive clustering technique is presented to group those feature streams that have high similarities. Hosts whose feature streams belong to the same cluster with high interior similarities will be regarded as suspected bot hosts. The experimental evaluations show that this approach can achieve online botnet detection efficiently.
Keywords :
Command and control systems; Computer crime; Data analysis; Data engineering; Educational institutions; Information analysis; Information science; Internet; Protocols; Telecommunication traffic; clustering; data-adaptive; online botnet detection;
Conference_Title :
Computational Science and Optimization (CSO), 2010 Third International Joint Conference on
Conference_Location :
Huangshan, Anhui, China
Print_ISBN :
978-1-4244-6812-6
Electronic_ISBN :
978-1-4244-6813-3
DOI :
10.1109/CSO.2010.214