IMMM 2013, The Third International Conference on Advances in Information Mining and Management
Detecting Command and Control Channels of a Botnet Using a N-packet-based Approach
Authors:
Félix Brezo
José Gaviria de la Puerta
Pablo G. Bringas
Keywords: botnet detection; n-packets; supervised learning; traffic analysis
Abstract:
The botnet phenomenon is one of the major threats in today's cyberspace. The ability of malware writers to code profitable applications with a softened learning curve is forcing public and private organisations to take measures against these infections. In this paper, we propose a method to identify traffic belonging to the Command & Control channels of a botnet. Our method takes into account the attributes of the packets captured from a connection to build vectorial representations of the connection by appending them into sequences of packets. We then provide an empirical study of how these representations can be used to detect such communicative behaviour, treating the issue as a supervised classification problem and comparing the results obtained by more than 20 machine learning algorithms.
Pages: 24 to 31
Copyright: Copyright (c) IARIA, 2013
Publication date: November 17, 2013
Published in: conference
ISSN: 2326-9332
ISBN: 978-1-61208-311-7
Location: Lisbon, Portugal
Dates: from November 17, 2013 to November 21, 2013