Machine learning based botnet identification traffic
Conference paper
Azab, A., Alazab, M. and Aiash, M. 2016. Machine learning based botnet identification traffic. 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-2016), Tianjin, China, 23-26 Aug 2016. Institute of Electrical and Electronics Engineers (IEEE). pp. 1788-1794. https://doi.org/10.1109/TrustCom.2016.0275
Field | Value
---|---
Type | Conference paper
Title | Machine learning based botnet identification traffic
Authors | Azab, A., Alazab, M. and Aiash, M.
Abstract | The continued growth of the Internet has resulted in increasingly sophisticated toolkits and methods for conducting computer attacks and intrusions that are easy to use and publicly available for download, such as the Zeus botnet toolkit. Botnets are responsible for many cyber-attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most existing botnet toolkits release updates for new features, development and support. This presents challenges in the detection and prevention of bots. Current botnet detection approaches are mostly ineffective as botnets change their Command and Control (C&C) server structures, centralized (e.g., IRC, HTTP) or distributed (e.g., P2P), and use encryption as a deterrent. In this paper, based on real-world data sets, we present our preliminary research on predicting new bots before they launch their attack. We propose a rich set of network traffic features using the Classification of Network Information Flow Analysis (CONIFA) framework to capture regularities in C&C communication channels and malicious traffic. We present a case study applying the approach to a popular botnet toolkit, Zeus. The experimental evaluation suggests that it is possible to effectively detect botnets during the C&C communication generated by a newly updated Zeus botnet toolkit, before they launch their attacks, by building the classifier with machine learning from an earlier version and using traffic behaviours. We also show that there is similarity in the C&C structures of various botnet toolkit versions and that the network characteristics of botnet C&C traffic differ from those of legitimate network traffic. Such methods could reduce the many different resources needed to identify C&C communication channels and malicious traffic.
Conference | 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-2016)
Page range | 1788-1794
ISSN | 2324-9013
ISBN |
Hardcover | 9781509032051
Publisher | Institute of Electrical and Electronics Engineers (IEEE)
Publication date | 26 Aug 2016
Online | 09 Feb 2017
Deposited | 07 Jun 2017
Accepted | 20 Jun 2016
Output status | Published
Accepted author manuscript |
Additional information | © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
Digital Object Identifier (DOI) | https://doi.org/10.1109/TrustCom.2016.0275
Language | English
Book title | 2016 IEEE Trustcom/BigDataSE/ISPA
https://repository.mdx.ac.uk/item/86zx7