International Journal of Communication Networks and Information Security (IJCNIS), Vol. 10, No. 3, December 2018, p. 563

BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

Mohammed S. Gadelrab 1, Muhammad ElSheikh 1,2, Mahmoud A. Ghoneim 1,3 and Mohsen Rashwan 4

1 IT Metrology Lab, National Institute for Standards, Egypt
2 Institute for Information Systems Engineering (CIISE), Concordia University, Canada
3 Computer Science Department, School of Engineering and Applied Science, George Washington University, USA
4 Communication Engineering Department, Faculty of Engineering, Cairo University, Egypt

Abstract: In this paper, we describe a detailed approach to developing a botnet detection system using machine learning (ML) techniques. Detecting botnet member hosts, or identifying botnet traffic, has been the main subject of many research efforts. This research aims to overcome two serious limitations of current botnet detection systems: first, the need for Deep Packet Inspection (DPI), and second, the need to collect traffic from several infected hosts. To achieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we have identified a set of statistical features that may help to distinguish between benign traffic and malicious botnet traffic. Then, we have carried out several machine learning experiments in order to test the suitability of ML techniques and to pick a minimal subset of the identified features that provides the best detection. We have implemented our approach in a tool called BotCap, whose test results proved its ability to detect individually infected hosts in a local network.

Keywords: Security, Botnet, Botware, Malware Analysis, Malware Detection, Machine Learning.

1. Introduction

The Internet reflects both the good and the bad sides of the physical world. With the emergence of the Internet, new kinds of crime, namely cybercrimes, have been flourishing and spreading.
The new criminals have various goals and tools. Malware ("malicious software") is considered the main tool in the hands of cyber-criminals. Today, new generations of malware are becoming multi-faceted and more modular. Botnets are one of these outcomes. A botnet (robot network) is a network of Internet-connected, compromised hosts (also known as bots, bot-clients, or zombies). Bots are remotely controlled by an attacker, called the botmaster, via a Command-and-Control (C&C) channel. C&C channels often run over existing network protocols, including Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP), or Peer-to-Peer (P2P) protocols. Botnets can be categorized, based on their C&C system, into centralized and decentralized botnets. A centralized botnet takes the form of the traditional client-server network model: a bot acts as the client and connects to a central C&C server. In decentralized botnets, any bot can act as a C&C server for some other bots instead of a central C&C server. Bots serve as a proxy infrastructure and a launch base for a wide variety of cyber attacks, such as sending SPAM
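The pipeline sketched in the abstract (statistical features computed per host without DPI, an ML classifier, and selection of a minimal feature subset) is shown below as an added example; it is not the BotCap authors' code. The flow records, the five candidate features, the nearest-centroid classifier and the greedy forward selection are all assumptions made here for illustration and are not the paper's own feature set or learners.

```python
# Added illustration, not the BotCap authors' code: per-host statistical features from
# flow metadata only (no payload, hence no DPI), a nearest-centroid classifier and greedy
# forward selection of a minimal feature subset. Features and traffic are constructed here.
import statistics

def _beacon(host, dst, period, count, size):
    # Constructed C&C-style check-ins: one destination, fixed period, fixed size.
    return [(host, dst, size, i * period) for i in range(count)]

def _browse(host, timestamps, sizes):
    # Constructed browsing: bursty timing, mixed sizes, five rotating destinations.
    return [(host, "93.184.216.%d" % (i % 5), s, t) for i, (t, s) in enumerate(zip(timestamps, sizes))]

# Constructed NetFlow-like records: (host, dst_ip, bytes_out, start_ts_seconds).
FLOWS = (
    _beacon("10.0.0.21", "203.0.113.10", 60, 8, 120)
    + _beacon("10.0.0.22", "203.0.113.10", 300, 6, 96)
    + [("10.0.0.23", "198.51.100.5" if i % 2 else "203.0.113.44", 140, i * 120) for i in range(8)]
    + _beacon("10.0.0.24", "203.0.113.44", 45, 10, 88)
    + _browse("10.0.0.31", [0, 7, 9, 95, 96, 300, 1200, 1203], [540, 1200, 80, 3300, 220, 15000, 450, 900])
    + _browse("10.0.0.32", [0, 3, 4, 40, 41, 42, 600, 610, 2000], [700, 2100, 95, 4000, 310, 640, 12000, 150, 880])
    + _browse("10.0.0.33", [0, 15, 16, 17, 18, 240, 241, 900, 901, 905], [400, 60, 5200, 130, 900, 7000, 250, 1800, 70, 3000])
    + _browse("10.0.0.34", [0, 2, 3, 50, 51, 52, 53, 400, 1800], [1100, 90, 6300, 200, 450, 75, 9800, 330, 2600])
)
LABELS = {"10.0.0.21": "bot", "10.0.0.22": "bot", "10.0.0.23": "bot", "10.0.0.24": "bot",
          "10.0.0.31": "benign", "10.0.0.32": "benign", "10.0.0.33": "benign", "10.0.0.34": "benign"}
# Assumed candidate features; the paper's own feature set is not reproduced here.
FEATURE_NAMES = ["interval_cv", "top_dst_share", "bytes_out_cv", "distinct_dst_ratio", "mean_bytes_out"]

def _cv(values):
    # Coefficient of variation; 0.0 for an empty or all-zero series.
    mean = statistics.mean(values) if values else 0
    return statistics.pstdev(values) / mean if mean > 0 else 0.0

def host_features(flows):
    """Statistics over one host's flows, using only timing, size and destination metadata."""
    flows = sorted(flows, key=lambda f: f[3])
    ts, sizes, dst_counts = [f[3] for f in flows], [f[2] for f in flows], {}
    for f in flows:
        dst_counts[f[1]] = dst_counts.get(f[1], 0) + 1
    return {
        "interval_cv": _cv([b - a for a, b in zip(ts, ts[1:])]),  # ~0 for periodic beaconing
        "top_dst_share": max(dst_counts.values()) / len(flows),     # 1.0 when one C&C endpoint
        "bytes_out_cv": _cv(sizes),
        "distinct_dst_ratio": len(dst_counts) / len(flows),
        "mean_bytes_out": statistics.mean(sizes),
    }

def extract_all(flows, min_flows=5):
    """Per-host feature vectors; hosts with too few flows are skipped (one flow has CV 0 and looks periodic)."""
    by_host = {}
    for f in flows:
        by_host.setdefault(f[0], []).append(f)
    return {h: host_features(fl) for h, fl in by_host.items() if len(fl) >= min_flows}

def fit_centroids(feats, labels, names):
    """z-score each feature on the training hosts, then average the vectors per class."""
    cols = {n: [feats[h][n] for h in feats] for n in names}
    mu = {n: statistics.mean(cols[n]) for n in names}
    sigma = {n: statistics.pstdev(cols[n]) or 1.0 for n in names}  # avoid /0 on constant features
    z = lambda fv: [(fv[n] - mu[n]) / sigma[n] for n in names]
    centroids = {}
    for label in set(labels[h] for h in feats):
        members = [z(feats[h]) for h in feats if labels[h] == label]
        centroids[label] = [statistics.mean(c) for c in zip(*members)]
    return {"z": z, "centroids": centroids}

def classify(model, fv):
    v = model["z"](fv)
    return min(model["centroids"], key=lambda lab: sum((a - b) ** 2 for a, b in zip(v, model["centroids"][lab])))

def loo_accuracy(feats, labels, names):
    """Leave-one-host-out accuracy of the nearest-centroid classifier on a feature subset."""
    hits = 0
    for held in feats:
        train = {h: feats[h] for h in feats if h != held}
        hits += classify(fit_centroids(train, labels, names), feats[held]) == labels[held]
    return hits / len(feats)

def forward_select(feats, labels, candidates=FEATURE_NAMES):
    """Greedy forward selection: add the feature that raises LOO accuracy most; stop when none does."""
    selected, best = [], 0.0
    while True:
        acc, pick = best, None
        for c in [c for c in candidates if c not in selected]:
            a = loo_accuracy(feats, labels, selected + [c])
            if a > acc:
                acc, pick = a, c
        if pick is None:
            return selected, best
        selected.append(pick)
        best = acc

def classify_host(new_flows):
    """Train on the labelled hosts, then label one unseen host using the selected subset only."""
    feats = extract_all(FLOWS)
    selected, _ = forward_select(feats, LABELS)
    return classify(fit_centroids(feats, LABELS, selected), host_features(new_flows))

NEW_BOT_FLOWS = _beacon("10.0.0.99", "203.0.113.77", 90, 7, 64)  # constructed unseen hosts
NEW_BENIGN_FLOWS = _browse("10.0.0.98", [0, 3, 4, 54, 56, 456, 464], [300, 2400, 90, 5100, 600, 150, 7200])
```

Calling forward_select(extract_all(FLOWS), LABELS) on the constructed hosts returns a single feature, the inter-flow interval CV, with leave-one-out accuracy 1.0, and classify_host labels 10.0.0.99 as "bot" and 10.0.0.98 as "benign"; every feature is derived from flow timing, size and destination, so the payload is never read. The min_flows guard matters in practice: a host with one or two flows has an interval CV of zero and would otherwise look like a beaconing bot. Eight constructed hosts only show the mechanics; a real evaluation needs held-out captures from botnet families the selection step never saw.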