  • DocumentCode
    166396
  • Title
    Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers
  • Author
    Haddadi, Fariba ; Morgan, J. ; Filho, Eduardo Gomes ; Zincir-Heywood, A. Nur
  • Author_Institution
    Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
  • fYear
    2014
  • fDate
    13-16 May 2014
  • Firstpage
    7
  • Lastpage
    12
  • Abstract
    Botnets are one of the most destructive threats against cyber security. Recently, the HTTP protocol is frequently utilized by botnets as the Command and Communication (C&C) protocol. In this work, we aim to detect HTTP-based botnet activity based on botnet behaviour analysis via a machine learning approach. To achieve this, we employ flow-based network traffic utilizing NetFlow (via Softflowd). The proposed botnet analysis system is implemented by employing two different machine learning algorithms, C4.5 and Naive Bayes. Our results show that the C4.5 learning algorithm based classifier obtained very promising performance on detecting HTTP-based botnet activity.
  • Keywords
    Bayes methods; IP networks; computer network security; hypermedia; learning (artificial intelligence); telecommunication traffic; transport protocols; C&C protocol; C4.5 learning algorithm based classifier; HTTP filters; HTTP protocol; IP flows; NetFlow; Softflowd; botnet behaviour analysis; command and communication protocol; cyber security; destructive threats; flow-based network traffic; machine learning algorithms; machine learning approach; naive Bayes algorithm; Classification algorithms; Complexity theory; Decision trees; Feature extraction; IP networks; Payloads; Protocols; botnet detection; machine learning based analysis; traffic IP-flow analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on
  • Conference_Location
    Victoria, BC
  • Print_ISBN
    978-1-4799-2652-7
  • Type
    conf
  • DOI
    10.1109/WAINA.2014.19
  • Filename
    6844605