CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Detecting Bots inside a Host using Network Behavior Analysis

by Seshadri Rao Chinta, Vinod Babu Polinati, P. N. Srinivas
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 180 - Number 47
Year of Publication: 2018
Authors: Seshadri Rao Chinta, Vinod Babu Polinati, P. N. Srinivas
10.5120/ijca2018917241

Seshadri Rao Chinta, Vinod Babu Polinati, P. N. Srinivas . Detecting Bots inside a Host using Network Behavior Analysis. International Journal of Computer Applications. 180, 47 ( Jun 2018), 1-4. DOI=10.5120/ijca2018917241

@article{ 10.5120/ijca2018917241,
author = { Seshadri Rao Chinta, Vinod Babu Polinati, P. N. Srinivas },
title = { Detecting Bots inside a Host using Network Behavior Analysis },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2018 },
volume = { 180 },
number = { 47 },
month = { Jun },
year = { 2018 },
issn = { 0975-8887 },
pages = { 1-4 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume180/number47/29550-2018917241/ },
doi = { 10.5120/ijca2018917241 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:03:48.411222+05:30
%A Seshadri Rao Chinta
%A Vinod Babu Polinati
%A P. N. Srinivas
%T Detecting Bots inside a Host using Network Behavior Analysis
%J International Journal of Computer Applications
%@ 0975-8887
%V 180
%N 47
%P 1-4
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Being well aware of the drastic changes brought by the Internet to the world there exists an explosion of network traffic. This burst traffic brings in lots of unwanted communication as a side-effect from the infected machines also called victims. Bots are such type of infected machines which work under a super power called botmaster. A botnet is a collection of compromised machines or bots receiving and responding to commands from the Command and Control (C&C) server that serves as a rendezvous mechanism for commands from a human or controller i.e., the bot master. The aim of our work is to detect the presence of the bot in the network traffic. This is accomplished in a two-step process. The work first captures network traffic from the infected host, and second step analyzes the captured traffic and detects the presence of a bot. To meet the goal we experimented on CTU-13 data set, a data set of botnet traffic captured in the CTU University, Czech Republic. Our work uses decision trees, Naïve Bayes, SVM and K Nearest Neighbor to detect the presence of bot. We found that decision trees gives 99.9% positive detection rate compared to other algorithms.

References
  1. Dagon, 2005. Botnet Detection and Response – The network is the infection. OARCW Workshop.
  2. T. Micro, 2006. Taxonomy of Botnet Threats. White Paper.http://www.cs.ucsb.edu/~kemm/courses/cs595G/TM06.pdf
  3. D. Dragon, G. Gu, C.P. Lee and W. Lee, 2007.A Taxonomy of Botnet Structures, ACSAC.
  4. Jose Nazario, 2008, Bot and Botnet Taxonomy. https://www.slideshare.net/digitallibrary/bot-and-botnet-taxonomy.
  5. G. Ollman, Botnet Communication Topologies, 2009. http://technicalinfo.net/papers/PDF/WP_Botnet_Communications_Primer_(2009-06-04).pdf
  6. D. Plohmann, E. Gerhards-Padilla, and F. Leder, Botnets: Detection, 2011. Measurement, Disinfection and Defense, European Network and Information, Security Agency, Tech. rep., 2011.
  7. P. Barford and V. Yegneswaran, 2007. An Inside Look at Botnets, in Malware Detection, ser. Advances in Information Security. Springer US, 2007, vol. 27, ch 8, pp.171-191.
  8. J. Stewart, Phatbot Trojan Analysis, 2004. Retrieved from SecureWorks:http://www.secureworks.com/research/threats/phatbot, 2004.
  9. T. Holz, M. Steiner, F. Dahl, E. Biersack and F. Freilling, 2008. Measurements and Mitigation of peer-to-peer based botnets-A Case Study on Storm Worm, in Proceedings 1st Usenix Workshop on Large-Scale Exploits and Emergent threats(Leet, Berkely, CA, USA, 2008).
  10. S. Stover, D. Dittrich, J. Hernandez and S. Dietrich, 2007. Analysis of the Storm and Nugache Trojans: P@P is here, in USENIX; login, vol. 32, no. 6, 2007.
  11. W. Lu, M. Tavallaee and A.A. Ghorbani, 2009. Automatic Discovery of botnet communities on large-scale communication Networks in Proc. 4th International Symposium on Information, Computer and Communications Security, ser. ASIACCS’09. New York, USA: ACM, 2009, pp. 1-10.
  12. GuofeiGu, Phillip Porras, Vinod Yegneswaran, Martin Fong and Wenke Lee, 2007. BotHunter: Detecting Malware Infection through IDS-driven dialog correlation, Proc. 16th USENIX security Symposium, pp. 167-182, 2007.
  13. GuofeiGu, Roberto Perdisci, Junjie Zhang and Wenke Lee, 2008. BotMiner: Clustering Analysis of Network traffic for protocol and Structure-independent Botnet Detection, Proc. 17th USENIX security Symposium, pp. 139-154, 2008.
  14. G. Miinz, G. Carle, 2007. Real-time Analysis Flow data for Network Attack Detection, in Proc. of 10th IFIP/ IEEE International Symposium on Integrated Network Management, pp. 100-108, 2007.
  15. Yukiko Sawaya, Ayumu Kubota, Yutaka Miyake, 2011. Detection of Attackers in Servers using Anomalous Host Behavior Based on Traffic Flow Statistics, PSJ International Symposium on Applications and the Internet, pp. 353-359, 2011.
  16. K. Shanthi, D. Sreenivasan, 2015. Detection of Botnet by Analyzing Network Traffic Flow Characteristics using Open Source tool, IEEE Sponsored 9th International Conference on Intelligent Systems and Control (ISCO) 2015.
  17. Francisco Villegas Alejandre, Nareli Cruz Cort’es and Eleazar Aguirre Anaya, 2017. Feature Selection to Detect Botnets using Machine Learning Algorithms, IEEE, and International Conference on Electronics, Communications and Computers (CONIELECOMP) 2017.
Index Terms

Computer Science
Information Sciences

Keywords

Bots SVM KNN Decision tree bot detection

Powered by PhDFocusTM