2014 28th International Conference on Advanced Information Networking and Applications Workshops (WAINA) (2014)
May 13, 2014 to May 16, 2014
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WAINA.2014.19
Botnets are one of the most destructive threats to cyber security. Recently, the HTTP protocol has been frequently utilized by botnets as the Command and Communication (C&C) protocol. In this work, we aim to detect HTTP-based botnet activity through botnet behaviour analysis using a machine learning approach. To achieve this, we employ flow-based network traffic analysis utilizing NetFlow (via Softflowd). The proposed botnet analysis system is implemented by employing two different machine learning algorithms, C4.5 and Naive Bayes. Our results show that the classifier based on the C4.5 learning algorithm obtained very promising performance in detecting HTTP-based botnet activity.
machine learning based analysis, botnet detection, traffic IP-flow analysis
F. Haddadi, J. Morgan, E. G. Filho and A. N. Zincir-Heywood, "Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers," 2014 28th International Conference on Advanced Information Networking and Applications Workshops (WAINA), BC, Canada, 2014, pp. 7-12.