Title :
Visualization of invariant bot behavior for effective botnet traffic detection
Author :
Shahrestani, A. ; Feily, M. ; Masood, Mudassir ; Muniandy, B.
Author_Institution :
Univ. Sains Malaysia (USM), Minden, Malaysia
Abstract :
Due to the sharp rise in computer network attacks through botnets, current security monitoring tools will be insufficient for effective botnet traffic detection. In fact, most of the existing tools are text-based and there is a lack of effective user-friendly interfaces that can facilitate detection of botnet traffic in large datasets. Moreover, most of these tools are based on reactive approaches and will be triggered only after an attack is detected. Therefore, enhancement of botnet traffic detection is in high demand. Knowledge discovery through information visualization is an avenue to solve these issues effectively. The aim of this research is to propose a proactive approach by adopting proper visualization techniques to increase the visibility of network traffic related to invariant bot behavior and botnet activities. The visualization techniques used in this research consist of graphs, scatter plots, and histograms. These visualization techniques are easy to interpret and good for visualizing large datasets. By adopting these techniques for invariant bot behavior visualization, it is possible to provide visual notification of bot existence in a network without distracting the user with huge volumes of data. In fact, the visual illustration of typical bot behavior improves the botnet traffic detection process by engaging human perception and intellectual capabilities. Overall, this visual approach can assist security personnel in proactively detecting invariant bot behaviors and botnet activities during the benign state of a botnet by providing a user-friendly graphical interface. Exploiting the visual information, human analysts and security personnel will be able to gain more insights into their networks, leading them to make correct decisions in critical situations and to prevent catastrophic botnet attacks.
Keywords :
data mining; data visualisation; graphical user interfaces; invasive software; telecommunication traffic; botnet traffic detection; computer network attacks; graphical user friendly interface; histograms; human perception; information visualization; invariant bot behavior visualization; knowledge discovery; network traffic; scatter plots; security monitoring tools; security personnel; Data visualization; Histograms; Monitoring; Personnel; Security; Telecommunication traffic; Visualization; Bot Behavior; Botnet Detection; Network Monitoring; Security; Visualization;
Conference_Title :
Telecommunication Technologies (ISTT), 2012 International Symposium on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4673-4784-6
DOI :
10.1109/ISTT.2012.6481606