Title :
Online IRC botnet detection using a SOINN classifier
Author :
Carpine, Francesco ; Mazzariello, Claudio ; Sansone, Carlo
Author_Institution :
Ancitel Spa, Naples, Italy
Abstract :
IRC botnets have been rapidly growing in number, in infected network hosts, and, most of all, in the size of the damage caused. Hence, there is a need for a real-time detection solution, as accurate as possible; the earlier a botnet is discovered, the smaller will be its potential impact. In order to tackle these issues, our approach to IRC botnet detection considers both the online context and the time consumption problem. In particular, we use both statistical and digram-based features to build a two-class behavioral model. Then, we set up a fast detection engine based on an unsupervised incremental learning method. Several tests performed on real data (botnet and non-botnet IRC channels) revealed the effectiveness of the entire proposed solution.
Keywords :
Internet; computer network security; neural nets; statistical analysis; unsupervised learning; SOINN classifier; detection engine; digrams-based feature; infected network host; online IRC botnet detection; real-time detection solution; self-organizing incremental neural network; statistical feature; time consumption problem; two-class behavioral model; unsupervised incremental learning; Accuracy; Context; Engines; Protocols; Servers; Support vector machines; Training;
Conference_Title :
Communications Workshops (ICC), 2013 IEEE International Conference on
Conference_Location :
Budapest
DOI :
10.1109/ICCW.2013.6649447