DocumentCode
247148
Title
Encrypted Botnet Detection Scheme
Author
Wang Ying
Author_Institution
Inf. Security Center, Beijing Univ. of Posts & Telecommun., Beijing, China
fYear
2014
fDate
8-10 Nov. 2014
Firstpage
559
Lastpage
565
Abstract
Botnets have started using information obfuscation techniques, including encryption, to evade detection. To detect encrypted botnet traffic, in this paper we treat distinguishing encrypted botnet traffic from normal network traffic as a traffic classification problem. After analyzing the features of encrypted botnet traffic, we propose a novel meta-level classification algorithm based on content features and flow features of the traffic. The content features consist of information entropy and byte frequency distribution, and the flow features consist of port number, payload length and application-layer protocol type. We then use Naive Bayes classification algorithms to detect botnet traffic. The related experiment shows that our method achieves good detection performance.
Keywords
Bayes methods; cryptography; entropy; pattern classification; Naive Bayes classification algorithms; application layer; botnet traffic detection; byte frequency distribution; encrypted botnet detection scheme; encrypted botnet traffic; encryption; flow features; information entropy; information obfuscation techniques; meta-level classification algorithm; payload length; port number; protocol type; traffic classification problem; Encryption; Entropy; Feature extraction; Payloads; Ports (Computers); Protocols; botnet encrypted traffic detect;
fLanguage
English
Publisher
ieee
Conference_Titel
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on
Conference_Location
Guangdong
Type
conf
DOI
10.1109/3PGCIC.2014.110
Filename
7024646