Title :
Proposal and Evaluation of Methods Using the Quantification Theory and Machine Learning for Detecting C&C Server Used in a Botnet
Author :
Shota Okayasu;Ryoichi Sasaki
Author_Institution :
Tokyo Denki Univ., Tokyo, Japan
fDate :
7/1/2015 12:00:00 AM
Abstract :
In recent years, the damage caused by botnets has increased and become a big problem. To solve this problem, we proposed a method to detect unjust C&C servers by using Hayashi's quantification theory class II. This method is able to detect unjust C&C servers, even if they are not included in a blacklist. However, it was predicted that the detection rate for this method decreases with passing time. Therefore, we have been continuing the investigation of the detection rate and adjusting the optimal detection method in different time periods. This paper deals with the results of an investigation for 2014. In addition, we newly introduce a method using a support vector machine (SVM) for comparison with quantification theory class II. We found that the detection rates by using quantification theory class II and those by the SVM are both very good, with very little difference in accuracy between them.
Keywords :
"Servers","Support vector machines","Accuracy","Data models","Mathematical model","Malware","Electronic mail"
Conference_Title :
Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual
Electronic_ISBN :
0730-3157
DOI :
10.1109/COMPSAC.2015.165