Title :
Fuzzy inference system based on entropy of traffic for bot detection on an endpoint host
Author :
Soniya, B. ; Wilscy, M.
Author_Institution :
Dept. of Comput. Sci., Univ. of Kerala, Trivandrum, India
Abstract :
Botnet detection is challenging in that bot behaviour is stealthy and varying, and bots use several evasion techniques to avoid detection. In this paper, we present a bot detection method for an endpoint host which differentiates between the regularity of bot command and control traffic and the randomness of user-induced traffic. The regularity/randomness is measured using the entropy of traffic features. A characterization of user-induced and bot traffic is done, and a fuzzy rule based system is derived from the characterization. The system is tested using a 3-fold cross-validation scheme. Publicly available datasets were also used to estimate an upper bound on the false positives generated by the system. The ability of the system to handle newer varieties of bots is tested, and the performance of the system is compared with two other methods which also rely on traffic analysis for bot detection.
Keywords :
entropy; fuzzy reasoning; telecommunication congestion control; 3-fold cross-validation scheme; bot behaviour; bot detection method; bot traffic analysis; botnet detection; endpoint host; entropy; evasion techniques; fuzzy inference system; fuzzy rule based system; user-induced traffic; Data structures; Entropy; Feature extraction; Fuzzy logic; Knowledge based systems; Malware; Testing; botnet detection; endpoint host; fuzzy rule-based;
Conference_Title :
Data Science & Engineering (ICDSE), 2014 International Conference on
Conference_Location :
Kochi
Print_ISBN :
978-1-4799-6870-1
DOI :
10.1109/ICDSE.2014.6974621