Title :
Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers
Author :
Haddadi, Fariba ; Morgan, J. ; Filho, Eduardo Gomes ; Zincir-Heywood, A. Nur
Author_Institution :
Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
Botnets are one of the most destructive threats against the cyber security. Recently, HTTP protocol is frequently utilized by botnets as the Command and Communication (C&C) protocol. In this work, we aim to detect HTTP based botnet activity based on botnet behaviour analysis via machine learning approach. To achieve this, we employ flow-based network traffic utilizing NetFlow (via Softflowd). The proposed botnet analysis system is implemented by employing two different machine learning algorithms, C4.5 and Naive Bayes. Our results show that C4.5 learning algorithm based classifier obtained very promising performance on detecting HTTP based botnet activity.
Keywords :
Bayes methods; IP networks; computer network security; hypermedia; learning (artificial intelligence); telecommunication traffic; transport protocols; C&C protocol; C4.5 learning algorithm based classifier; HTTP filters; HTTP protocol; IP flows; NetFlow; Softflowd; botnet behaviour analysis; command and communication protocol; cyber security; destructive threats; flow-based network traffic; machine learning algorithms; machine learning approach; naive Bayes algorithm; Classification algorithms; Complexity theory; Decision trees; Feature extraction; IP networks; Payloads; Protocols; botnet detection; machine learning based analysis; traffic IP-flow analysis;
Conference_Titel :
Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4799-2652-7
DOI :
10.1109/WAINA.2014.19
