Journal
2022 17TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI)
Volume -, Issue -, Pages -
Publisher
IEEE
Keywords
botnet; network flow; anomaly detection; inverse statistics
- Fundacao de Amparo a Pesquisa do Estado de Sao Paulo (FAPESP) [2020/05152-7]
This article explores the mechanism of botnet detection based on network flow behavior and proposes a new technique called EFC which uses inverse statistics to detect anomalies. The experimental results show that EFC is more stable compared to other traditional algorithms.
A botnet is a network of infected computers that are remotely controlled by a cybercriminal, called the botmaster, who uses them to carry out massive cyberattacks such as DDoS, spam, and information theft. Traditional botnet detection methods, which are usually signature-based, are unable to detect unknown botnets. Behavior-based analysis is promising for detecting current botnet trends, which are constantly evolving. This article proposes an exploratory analysis of botnet detection mechanisms based on network flow behavior. The main technique used to detect botnets was recently developed and is called the Energy-based Flow Classifier (EFC). This technique uses inverse statistics to detect anomalies. Two heterogeneous datasets, CTU-13 and ISOT HTTP, were used to evaluate the efficiency of the generated model, and the results were compared with several traditional classifiers, both one-class and two-class. The results obtained show that EFC produced more stable results regardless of the domain, unlike the other tested algorithms.