Feature selection for detection of peer-to-peer botnet traffic

Narang, Pratik; Reddy, Jagan Mohan; Hota, Chittaranjan

doi:10.1145/2522548.2523133

Cited by 24 publications

(11 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…True negatives (TN) correspond to negative instances correctly labeled as negative. False negatives (FN) are positive instances AUC of ROC AUC of P/R curve Narang et al [26] 0.982 0.960 Rahbarinia et al [5] 0.951 0.899 Our result 0.982 0.957 The training phase of KNN stores the feature vectors and class labels of the training samples. Let be a user-defined constant.…”

Section: Feature Selectionmentioning

confidence: 82%

“…We adopt some features for P2P application traffic categorization and botnet detection used in [5,8,9,26]. We list our feature set as follows: We compare the detection performance of our feature set with the works by Rahbarinia et al [5] and Narang et al [26]. We evaluate the result of a classifier with the ROC curve (i.e., Receiver Operating Characteristic curve) and the P/R curve (i.e., Precision-Recall curve).…”

Section: Feature Selectionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting P2P Botnet in Software Defined Networks

Chen

Tsai

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Software Defined Network separates the control plane from network equipment and has great advantage in network management as compared with traditional approaches. With this paradigm, the security issues persist to exist and could become even worse because of the flexibility on handling the packets. In this paper we propose an effective framework by integrating SDN and machine learning to detect and categorize P2P network traffics. This work provides experimental evidence showing that our approach can automatically analyze network traffic and flexibly change flow entries in OpenFlow switches through the SDN controller. This can effectively help the network administrators manage related security problems.

show abstract

Section: Feature Selectionmentioning

confidence: 82%

Section: Feature Selectionmentioning

confidence: 99%

Detecting P2P Botnet in Software Defined Networks

Chen

Tsai

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…A more recent classification technique uses statistical properties of network flows whose success lies heavily on the training dataset and the Machine learning algorithms used to classify the P2P traffic [11] [12] [13]. However, ensuring accuracy and authenticity of the training sets is still an open issue, particularly for flows that go undetected.…”

Section: Introductionmentioning

confidence: 99%

Heuristic-Based Real-Time P2P Traffic Identification

Reddy¹,

Hota²

2015

2015 International Conference on Emerging Information Technology and Engineering Solutions

Self Cite

View full text Add to dashboard Cite

Peer-to-Peer (P2P) networks have seen a rapid growth, spanning diverse applications like online anonymity (Tor), online payment (Bitcoin), file sharing (BitTorrent), etc. However, the success of these applications has raised concerns among ISPs and Network administrators. These types of traffic worsen the congestion of the network, and create security vulnerabilities. Hence, P2P traffic identification has been researched actively in recent times. Early P2P traffic identification approaches were based on port-based inspection. Presently, Deep Packet Inspection (DPI) is a prominent technique used to identify P2P traffic. But it relies on payload signatures which are not resilient against port masquerading, traffic encryption and NATing. In this paper, we propose a novel P2P traffic identification mechanism based on the host behaviour from the transport layer headers. A set of heuristics was identified by analysing the off-line datasets collected in our testbed. This approach is privacy preserving as it does not examine the payload content. The usefulness of these heuristics is shown on real-time traffic traces received from our campus backbone; where in the best case only 0.20% of flows were unknown.

show abstract

“…This resilience offered by P2P networks has conjointly attracted the eye of adversaries within the type of bot-masters. A 'bot' could be a worm that permits the operator to remotely management the infected system wherever it's put in [2], [10]. A network of such compromised end-hosts below the remote command of a master (i.e., the bot-master) is named a 'Botnet'.…”

Section: Introductionmentioning

confidence: 99%

Review on Botnet Threat Detection in P2P

Mohini¹

2015

IJRITCC

View full text Add to dashboard Cite

Abstract-Botnets are nothing but the malicious codes such as viruses which are used for attacking the computers. These are act as thre ats and are very harmful. Due to distributed nature of botnets, it is hard to detect them in peer-to-peer networks. So we require the smarter technique to detect such threats. The automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. This paper gives the review on the various techniques used to detect such botnets.

show abstract

Feature selection for detection of peer-to-peer botnet traffic

Cited by 24 publications

References 15 publications

Detecting P2P Botnet in Software Defined Networks

Detecting P2P Botnet in Software Defined Networks

Heuristic-Based Real-Time P2P Traffic Identification

Review on Botnet Threat Detection in P2P

Contact Info

Product

Resources

About