DocumentCode
174541
Title
Fuzzy inference system based on entropy of traffic for bot detection on an endpoint host
Author
Soniya, B. ; Wilscy, M.
Author_Institution
Dept. of Comput. Sci., Univ. of Kerala, Trivandrum, India
fYear
2014
fDate
26-28 Aug. 2014
Firstpage
112
Lastpage
117
Abstract
Botnet detection is challenging in that bot behaviour is stealthy and varying, and bots use several evasion techniques to avoid detection. In this paper, we present a bot detection method for an endpoint host which differentiates the regularity in bot command-and-control traffic from the randomness of user-induced traffic. The regularity/randomness is measured using the entropy of traffic features. A characterization of user-induced and bot traffic is done. A fuzzy rule-based system is derived from the characterization. The system is tested using a 3-fold cross-validation scheme. Publicly available datasets were also used to estimate an upper bound on the false positives generated by the system. The ability of the system to handle newer varieties of bots is tested, and its performance is compared with two other methods which also rely on traffic analysis for bot detection.
Keywords
entropy; fuzzy reasoning; telecommunication congestion control; 3-fold cross-validation scheme; bot behaviour; bot detection method; bot traffic analysis; botnet detection; endpoint host; entropy; evasion techniques; fuzzy inference system; fuzzy rule based system; user-induced traffic; Data structures; Entropy; Feature extraction; Fuzzy logic; Knowledge based systems; Malware; Testing; botnet detection; endpoint host; fuzzy rule-based
fLanguage
English
Publisher
ieee
Conference_Titel
Data Science & Engineering (ICDSE), 2014 International Conference on
Conference_Location
Kochi
Print_ISBN
978-1-4799-6870-1
Type
conf
DOI
10.1109/ICDSE.2014.6974621
Filename
6974621