DocumentCode :
3715182
Title :
An analysis of network traffic classification for botnet detection
Author :
Matija Stevanovic;Jens Myrup Pedersen
Author_Institution :
Aalborg University, DK-9220 Aalborg, Denmark
fYear :
2015
fDate :
6/1/2015 12:00:00 AM
Firstpage :
1
Lastpage :
8
Abstract :
Botnets represent one of the most serious threats to Internet security today. This paper explores how network traffic classification can be used for accurate and efficient identification of botnet network activity in local and enterprise networks. The paper examines the effectiveness of detecting botnet network traffic using three methods that target the protocols widely considered the main carriers of botnet Command and Control (C&C) and attack traffic, i.e. TCP, UDP and DNS. We propose three traffic classification methods based on the Random Forests classifier. The proposed methods have been evaluated through a series of experiments using traffic traces originating from 40 different bot samples and diverse non-malicious applications. The evaluation indicates accurate and time-efficient classification of botnet traffic for all three protocols. Future work will be devoted to the optimization of traffic analysis and the correlation of findings from the three analysis methods in order to identify compromised hosts within the network.
Keywords :
"Feature extraction","Protocols","Malware","Monitoring","IP networks","Ports (Computers)"
Publisher :
ieee
Conference_Titel :
Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on
Type :
conf
DOI :
10.1109/CyberSA.2015.7361120
Filename :
7361120