Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers

Title: Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Haddadi, F., Morgan, J., Filho, E.G., Zincir-Heywood, A.N.
Conference Name: Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on
Date Published: May
Keywords: Bayes methods, botnet behaviour analysis, Botnet detection, C&C protocol, C4.5 learning algorithm based classifier, Classification algorithms, command and communication protocol, Complexity theory, computer network security, cyber security, Decision trees, destructive threats, feature extraction, flow-based network traffic, HTTP filters, HTTP protocol, hypermedia, IP flows, IP networks, learning (artificial intelligence), machine learning algorithms, machine learning approach, machine learning based analysis, naive Bayes algorithm, NetFlow, Payloads, Protocols, Softflowd, telecommunication traffic, traffic IP-flow analysis, transport protocols
Abstract

Botnets are one of the most destructive threats to cyber security. Recently, the HTTP protocol has frequently been utilized by botnets as the Command and Communication (C&C) protocol. In this work, we aim to detect HTTP-based botnet activity through botnet behaviour analysis via a machine learning approach. To achieve this, we employ flow-based network traffic utilizing NetFlow (via Softflowd). The proposed botnet analysis system is implemented by employing two different machine learning algorithms, C4.5 and Naive Bayes. Our results show that the C4.5-based classifier obtained very promising performance in detecting HTTP-based botnet activity.
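The abstract describes a pipeline of three stages: export flows (NetFlow via Softflowd), keep only HTTP flows, derive per-flow features and train a classifier. The following is an added example illustrating that pipeline; it is not the authors' code and the paper's feature set, filter criterion and data are not given here. It assumes a simplified CSV flow layout (constructed; not Softflowd's export format), assumes the HTTP filter is "TCP flows to destination port 80", uses five standard NetFlow-derivable features (duration, packets, bytes, bytes per packet, packets per second), and fits a Gaussian Naive Bayes classifier implemented inline rather than C4.5. The training records are constructed so that C&C-like flows are long-lived with small, uniform payloads and benign browsing flows are short with larger payloads.

```python
"""Flow-based HTTP botnet classification: parse flows, filter HTTP, featurize, Naive Bayes.

Added example, not code from the paper. The record layout, the HTTP filter
criterion, the feature set and all sample data below are assumptions.
"""
from __future__ import annotations

import math
from collections import defaultdict
from dataclasses import dataclass

# Constructed training records (assumed layout, not Softflowd's export format):
# src_ip,dst_ip,src_port,dst_port,proto,duration_s,packets,bytes,label
TRAINING_FLOWS = """\
10.0.0.5,203.0.113.10,49152,80,6,0.8,6,1400,benign
10.0.0.5,203.0.113.11,49153,80,6,1.2,10,9000,benign
10.0.0.6,203.0.113.12,49154,80,6,0.5,8,5200,benign
10.0.0.7,203.0.113.13,49155,80,6,2.0,20,30000,benign
10.0.0.5,10.0.0.1,51000,53,17,0.01,2,150,benign
10.0.0.8,198.51.100.7,50000,80,6,30.0,6,420,bot
10.0.0.8,198.51.100.7,50003,80,6,28.5,6,432,bot
10.0.0.8,198.51.100.7,50006,80,6,31.2,5,360,bot
10.0.0.8,198.51.100.7,50009,80,6,29.8,6,414,bot
"""

FEATURE_NAMES = ("duration_s", "packets", "bytes", "bytes_per_packet", "packets_per_sec")
HTTP_PORT = 80
TCP = 6


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int
    duration_s: float
    packets: int
    bytes: int
    label: str | None = None  # None for unlabelled records to be classified


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed CSV layout; a trailing 9th column is the class label."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        p = line.split(",")
        if len(p) not in (8, 9):
            raise ValueError(f"malformed flow record: {line!r}")
        label = p[8] if len(p) == 9 else None
        flows.append(Flow(p[0], p[1], int(p[2]), int(p[3]), int(p[4]),
                          float(p[5]), int(p[6]), int(p[7]), label))
    return flows


def is_http(flow: Flow) -> bool:
    """HTTP filter (assumed criterion): TCP flows whose destination port is 80."""
    return flow.proto == TCP and flow.dst_port == HTTP_PORT


def features(flow: Flow) -> list[float]:
    """Per-flow features derivable from NetFlow fields; guards against zero duration/packets."""
    dur = max(flow.duration_s, 1e-3)  # single-packet flows can have duration 0
    return [flow.duration_s, float(flow.packets), float(flow.bytes),
            flow.bytes / max(flow.packets, 1), flow.packets / dur]


class GaussianNB:
    """Minimal Gaussian Naive Bayes: per-class log prior plus per-feature Gaussian log-likelihood."""

    def __init__(self) -> None:
        self.prior: dict[str, float] = {}
        self.mean: dict[str, list[float]] = {}
        self.var: dict[str, list[float]] = {}

    def fit(self, X: list[list[float]], y: list[str]) -> "GaussianNB":
        by_class: dict[str, list[list[float]]] = defaultdict(list)
        for row, label in zip(X, y):
            by_class[label].append(row)
        n, n_feat = len(X), len(X[0])
        all_vars: list[float] = []
        for label, rows in by_class.items():
            self.prior[label] = math.log(len(rows) / n)
            means = [sum(r[j] for r in rows) / len(rows) for j in range(n_feat)]
            vars_ = [sum((r[j] - means[j]) ** 2 for r in rows) / len(rows) for j in range(n_feat)]
            self.mean[label], self.var[label] = means, vars_
            all_vars.extend(vars_)
        # Variance smoothing: a feature constant within a class must not yield variance 0.
        eps = 1e-9 * max(all_vars)
        for label in self.var:
            self.var[label] = [v + eps for v in self.var[label]]
        return self

    def log_posteriors(self, x: list[float]) -> dict[str, float]:
        out = {}
        for label in self.prior:
            ll = self.prior[label]
            for xj, mu, var in zip(x, self.mean[label], self.var[label]):
                ll += -0.5 * math.log(2 * math.pi * var) - (xj - mu) ** 2 / (2 * var)
            out[label] = ll
        return out

    def predict(self, x: list[float]) -> str:
        scores = self.log_posteriors(x)
        return max(scores, key=scores.get)


def train_http_bot_classifier(text: str = TRAINING_FLOWS) -> GaussianNB:
    """Stage 2 + 3: drop non-HTTP flows, featurize the rest, fit the classifier."""
    flows = [f for f in parse_flows(text) if is_http(f)]
    return GaussianNB().fit([features(f) for f in flows], [f.label for f in flows])


def classify_flow(model: GaussianNB, record: str) -> str:
    """Classify one unlabelled record; non-HTTP flows never reach the model."""
    flow = parse_flows(record)[0]
    if not is_http(flow):
        return "not-http"
    return model.predict(features(flow))


if __name__ == "__main__":
    model = train_http_bot_classifier()
    for rec in ("10.0.0.9,198.51.100.7,50001,80,6,29.0,6,426",
                "10.0.0.9,203.0.113.22,50002,80,6,0.9,9,7000",
                "10.0.0.9,10.0.0.1,50003,53,17,0.02,2,160"):
        print(rec, "->", classify_flow(model, rec))
```

The HTTP filter runs before featurization so that the model is trained and queried only on the traffic class it is meant to separate; the DNS record in the constructed data is discarded rather than learned as "benign". Real evaluation would need labelled Softflowd exports and a held-out split, which this constructed data does not provide.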

URL: https://ieeexplore.ieee.org/document/6844605
DOI: 10.1109/WAINA.2014.19
Citation Key: 6844605