Detection of botnet by analyzing network traffic flow characteristics using open source tools

Shanthi, K.; Seenivasan, D.

doi:10.1109/isco.2015.7282353

Cited by 22 publications

(17 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Richer (2017) [40] proposes an approach using Support Vector Machine and got a 100% detection rate; however the false positive rate is more than 15%. The work by Shanti & Seenivasan (2015) [14] also provides very high false positive which is more than 21%. Above all, Warmer (2011) had the highest false positive value of 44.3% by using Naïve Bayes.…”

Section: Zhao Et Al (2013)mentioning

confidence: 97%

“…Thus, this indicates that there is still room for improvement in Botnet detection, uniquely encrypted Botnet. Many Botnet detection techniques are based on payload analysis, and these techniques, unfortunately, are inefficient for encrypted C&C channels (Shanti & Seenivasan, 2015) [14]. [15] prove that Botnet detection techniques that rely on payload analysis could be foiled by encryption.…”

Section: Malaysia Botnet Drone 2012-2017mentioning

confidence: 99%

“…Furthermore, by implementing a bruteforce-like decryption technique, it leads to the privacy issue. [14] propose a detection methodology to classify bot hosts from the normal host by analyzing traffic flow characteristics based on time intervals www.ijacsa.thesai.org instead of payload inspection. They use the Decision Tree and Naïve Bayes classification.…”

Section: Related Workmentioning

confidence: 99%

“…Some researchers claim that their general Botnet detection approaches could even detect encrypted Botnet C&C based on the assumption that their approaches did not analyze the payload content, and it was Botnet structure independent. For example,Shin et al (2012) [30],Khan et al (2015) [31], andShanti & Seenivasan (2015) [14] commonly use traffic flow analysis in their works. Consequently, they did not have to inspect the payload.…”

mentioning

confidence: 99%

See 3 more Smart Citations

A Framework for Detecting Botnet Command and Control Communication over an Encrypted Channel

Ismail¹,

Jantan²,

Najwadi³

2020

IJACSA

View full text Add to dashboard Cite

Botnet employs advanced evasion techniques to avoid detection. One of the Botnet evasion techniques is by hiding their command and control communication over an encrypted channel like SSL and TLS. This paper provides a Botnet Analysis and Detection System (BADS) framework for detecting Botnet. The BADS framework has been used as a guideline to devise the methodology, and we divided this methodology into six phases: i. data collection, customization, and conversion, ii. feature extraction and feature selection, iii. Botnet prediction and classification, iv. Botnet detection, v. attack notification, and vi. testing and evaluation. We tend to use the machine learning algorithm for Botnet prediction and classification. We also found several challenges in implementing this work. This research aims to detect Botnet over an encrypted channel with high accuracy, fast detection time, and provides autonomous management to the network manager.

show abstract

Section: Zhao Et Al (2013)mentioning

confidence: 97%

Section: Malaysia Botnet Drone 2012-2017mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

A Framework for Detecting Botnet Command and Control Communication over an Encrypted Channel

Ismail¹,

Jantan²,

Najwadi³

2020

IJACSA

View full text Add to dashboard Cite

show abstract

“…They calculated the flow statistics of the obvious attacker targeting a specific port and identify the nuisance attackers based on the similarity of features between hosts sending flow to port P and the samples. K Shanthi et al, [16] proposed a novel method of classify bots from normal hosts through traffic flow analysis based on time intervals. The authors did not include payload inspection.…”

Section: Related Workmentioning

confidence: 99%

Detecting Bots inside a Host using Network Behavior Analysis

Chinta¹,

Polinati²,

Srinivas³

2018

IJCA

View full text Add to dashboard Cite

Being well aware of the drastic changes brought by the Internet to the world there exists an explosion of network traffic. This burst traffic brings in lots of unwanted communication as a side-effect from the infected machines also called victims. Bots are such type of infected machines which work under a super power called botmaster. A botnet is a collection of compromised machines or bots receiving and responding to commands from the Command and Control (C&C) server that serves as a rendezvous mechanism for commands from a human or controller i.e., the bot master. The aim of our work is to detect the presence of the bot in the network traffic. This is accomplished in a two-step process. The work first captures network traffic from the infected host, and second step analyzes the captured traffic and detects the presence of a bot. To meet the goal we experimented on CTU-13 data set, a data set of botnet traffic captured in the CTU University, Czech Republic. Our work uses decision trees, Naïve Bayes, SVM and K Nearest Neighbor to detect the presence of bot. We found that decision trees gives 99.9% positive detection rate compared to other algorithms.

show abstract

The Risk of Botnets in Cyber Physical Systems

Derakhshan

Ashrafnejad

2020

Security of Cyber-Physical Systems

View full text Add to dashboard Cite

Detection of botnet by analyzing network traffic flow characteristics using open source tools

Cited by 22 publications

References 5 publications

A Framework for Detecting Botnet Command and Control Communication over an Encrypted Channel

A Framework for Detecting Botnet Command and Control Communication over an Encrypted Channel

Detecting Bots inside a Host using Network Behavior Analysis

The Risk of Botnets in Cyber Physical Systems

Contact Info

Product

Resources

About