Revealing the Feature Influence in HTTP Botnet Detection

Botnet are identified as one of most emerging threats due to Cybercriminals work diligently to make most of the part of the users’ network of computers as their target. In conjunction to that, many researchers has conduct a lot of study regarding on the botnets and ways to detect botnet in network traffic. Most of them only used the feature inside the system without mentioning the feature influence in botnet detection. Selecting a significant feature are important in botnet detection as it can increase the accuracy of detection. Besides, existing research focusses more on the technique of recognition rather than uncovering the purpose behind the selection. Therefore, this paper will reveal the influence feature in botnet detection using statistical method. The result obtained showed the accuracy is about 91% which is approximately acceptable to use the influence feature in detecting botnet activity

Revealing Influenced Selected Feature for P2P Botnet Detection

P2P botnet has become a serious security threat for computer networking systems. Botnet attack causes a great financial loss and badly impact the information and communication technology (ICT) system. Current botnet detection mechanisms have limitations and flaws to deal with P2P botnets which famously known for their complexity and scalable attack. Studies show that botnets behavior can be detected based on several detection features. However, some of the feature parameters may not represent botnet behavior and may lead to higher false alarm detection rate. In this paper, we reveal selected feature that influences P2P botnets detection. The result obtained by selecting features shows detection attack rate of 99.74%

DDoS Attacks with Randomized Traffic Innovation: Botnet Identification Challenges and Strategies

Distributed Denial-of-Service (DDoS) attacks are usually launched through the $botnet$, an "army" of compromised nodes hidden in the network. Inferential tools for DDoS mitigation should accordingly enable an early and reliable discrimination of the normal users from the compromised ones. Unfortunately, the recent emergence of attacks performed at the application layer has multiplied the number of possibilities that a botnet can exploit to conceal its malicious activities. New challenges arise, which cannot be addressed by simply borrowing the tools that have been successfully applied so far to earlier DDoS paradigms. In this work, we offer basically three contributions: $i)$ we introduce an abstract model for the aforementioned class of attacks, where the botnet emulates normal traffic by continually learning admissible patterns from the environment; $ii)$ we devise an inference algorithm that is shown to provide a consistent (i.e., converging to the true solution as time progresses) estimate of the botnet possibly hidden in the network; and $iii)$ we verify the validity of the proposed inferential strategy over $real$ network traces.Comment: Submitted for publicatio

Autonomous Botnet Detection

With the pervasiveness of internet, huge threats have been seen in last few decades. These threats involve the activities for violation of security in terms of integrity, confidentiality, denial of service, authentication. Due to the existence of such threats, there is requirement to defend our immense corporate secret, online banking account details and social networking account accessible via web interface. Over last few decades there is the emergence of botnet within internet. Botnet can be considered as the mass of compromise machine that are under the authority and control of single botmaster. Because of existence of such botnet there arouse intrusion. And hence intrusion detection has turn out to be sphere of influence of information assurance. At the network-level, the research work to detect bots has proceeded along two important area of vertical and horizontal correlation engine. Vertical and local correlation engine have the downside that these systems require prior knowledge about communication channel and it is indispensable to have at least two hosts in the monitored network(s) should be the members of the same botnet. Hence the new autonomous model is proposed by combining the concept of observation of command and responses received. This model will be built in controlled environment with recording of network activity by using subspace and evidence accumulation clustering. Proposed models are helpful for detection of bots in the midst of few false positives. Keywords: : Intrusion; intrusion detection system; botnet; threat; evidence accumulation; subspace clusterin

BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

In this paper, we describe a detailed approach to develop a botnet detection system using machine learning (ML)techniques. Detecting botnet member hosts, or identifying botnet traffic has been the main subject of manyresearch efforts. This research aims to overcome two serious limitations of current botnet detection systems:First, the need for Deep Packet Inspection-DPI and the need to collect traffic from several infected hosts. Toachieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we haveidentified a set of statistical features that may help to distinguish between benign and botnet malicious traffic.Then, we have carried several machine learning experiments in order to test the suitability of ML techniques andalso to pick a minimal subset of the identified features that provide best detection. We have implemented ourapproach in a tool called BotCap whose test results showed its proven ability to detect individually infected hostsin a local network

Sonification of Network Traffic for Detecting and Learning About Botnet Behavior

Today's computer networks are under increasing threat from malicious activity. Botnets (networks of remotely controlled computers, or "bots") operate in such a way that their activity superficially resembles normal network traffic which makes their behaviour hard to detect by current Intrusion Detection Systems (IDS). Therefore, new monitoring techniques are needed to enable network operators to detect botnet activity quickly and in real time. Here we show a sonification technique using the SoNSTAR system that maps characteristics of network traffic to a real-time soundscape enabling an operator to hear and detect botnet activity. A case study demonstrated how using traffic log files alongside the interactive SoNSTAR system enabled the identification of new traffic patterns that characteristic botnet behaviour and subsequently the effective targeting and real-time detection of botnet activity. An experiment using the 11.39 GiB ISOT Botnet Dataset, containing labelled botnet traffic data, compared the SoNSTAR system with three leading machine learning-based traffic classifiers in a botnet activity detection test. SoNSTAR demonstrated greater accuracy, precision and recall and much lower false positive rates than the other techniques. The knowledge generated about characteristic botnet behaviours could be used in the development of future IDSs