securware_2018_7_10_30121.pdf - SECURWARE 2018 The Twelfth...


A Botnet Detection System Based on Machine-Learning using Flow-Based Features

Chien-Hau Hung, Hung-Min Sun
Department of Computer Science
National Tsing Hua University
Hsinchu, Taiwan 30013
e-mails: [email protected], [email protected]

Abstract—Botnets have always been a formidable cyber security threat. The Internet of Things (IoT) has become an important technology, and the number of internet-connected smart devices has been increasing by more than 15% every year. It is for this reason that botnets are growing rapidly. Although antivirus software on Personal Computers (PCs) has been in use for a long time, the threat from botnets still cannot be eliminated. Smart devices and IoT are still in their initial stages, hence there are uncertainties about their security. In the foreseeable future, more devices will become victims of botnets. In this paper, we propose a system for detecting potential botnets by analyzing their flows on the Internet. The system classifies similar flow traffic into groups, and then extracts the behavior patterns of each group for machine learning. The system not only can analyze P2P botnets, but also extracts patterns up to the application layer and can analyze botnets using HTTP protocols.

Keywords- botnet; machine learning; feature selection; J48.

I. INTRODUCTION

Victims of botnets, along with smart devices, have grown substantially in number. According to IoT Online Store [1], there are 22.9 billion devices around the globe connected to the Internet and used for multiple purposes. The number of smart devices is estimated to be more than 50 billion by 2020. However, smart devices, such as PCs, smartphones and other devices, are not as safe as we think. They could be infected by malicious software without showing any abnormal symptoms until they are needed to act as bots. The bots are controlled by a botmaster through Command and Control (C&C) channels using different kinds of communication protocols.

Over the last decade, a lot of research has been done on the detection of different bot families. Most of this research is based on machine learning, whose performance depends mainly on the features selected for the classifier. Therefore, selecting proper features for the classification model is important. However, there is a trade-off between achieving high detection accuracy and spending huge computation time on constructing a large classification model. On one hand, using all features to build a classification model leads to significant overhead. On the other hand, using improper or too few features may cause the accuracy rate to decrease.

Motivation. The number of botnet attacks has been increasing [2], and it is very difficult to find devices without any vulnerability, not to mention the fact that ordinary users do not patch their devices on time. Hence, there is a need for a botnet detection system that can verify whether bots are present on the devices.
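The following is an added example, not code from the paper, that illustrates the feature-selection trade-off described above on grouped flow data of the kind the abstract describes. The grouping key (src, dst, dport), the four per-group features and the flow records are assumptions constructed for illustration; features are ranked by gain ratio, the split criterion of C4.5, which Weka's J48 implements.

```python
import math
from collections import Counter, defaultdict

# Constructed flow records, not from the paper: (src, dst, dport, bytes, label)
FLOWS = [
    ("10.0.0.5", "198.51.100.7", 80, 300, "bot"), ("10.0.0.5", "198.51.100.7", 80, 310, "bot"),
    ("10.0.0.6", "198.51.100.7", 80, 298, "bot"), ("10.0.0.6", "198.51.100.7", 80, 302, "bot"),
    ("10.0.0.6", "198.51.100.7", 80, 300, "bot"), ("10.0.0.7", "203.0.113.9", 6667, 120, "bot"),
    ("10.0.0.7", "203.0.113.9", 6667, 125, "bot"), ("10.0.0.8", "192.0.2.10", 443, 900, "benign"),
    ("10.0.0.8", "192.0.2.10", 443, 15000, "benign"), ("10.0.0.9", "192.0.2.20", 80, 90, "benign"),
    ("10.0.0.9", "192.0.2.20", 80, 480, "benign"), ("10.0.0.9", "192.0.2.20", 80, 285, "benign"),
    ("10.0.0.5", "192.0.2.10", 443, 2000, "benign"), ("10.0.0.5", "192.0.2.10", 443, 30000, "benign"),
]

def group_features(flows):
    """Group flows by (src, dst, dport), an assumed notion of 'similar', and summarise each group."""
    groups = defaultdict(list)
    for src, dst, dport, nbytes, label in flows:
        groups[(src, dst, dport)].append((nbytes, label))
    rows = []
    for (_src, _dst, dport), members in groups.items():
        sizes = [b for b, _ in members]
        rows.append(({"dport": dport, "n_flows": len(sizes),
                      "mean_bytes": sum(sizes) / len(sizes),
                      "bytes_spread": max(sizes) - min(sizes)}, members[0][1]))
    return rows

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values()) if n else 0.0

def gain_ratio(rows, feature):
    """Best gain ratio over binary splits 'value <= v' (simplified C4.5 threshold search)."""
    labels = [lab for _, lab in rows]
    values = sorted({f[feature] for f, _ in rows})
    best = 0.0
    for v in values[:-1]:  # both sides of each split are non-empty
        left = [lab for f, lab in rows if f[feature] <= v]
        right = [lab for f, lab in rows if f[feature] > v]
        w = len(left) / len(rows)
        gain = entropy(labels) - w * entropy(left) - (1 - w) * entropy(right)
        split_info = entropy(["L"] * len(left) + ["R"] * len(right))
        best = max(best, gain / split_info)
    return best

def rank_features(flows):
    rows = group_features(flows)
    scores = [(f, round(gain_ratio(rows, f), 3)) for f in rows[0][0]]
    return sorted(scores, key=lambda kv: kv[1], reverse=True)

print(rank_features(FLOWS))
```

On this constructed data one feature separates the groups completely and another carries no information, which is the case where dropping features reduces model cost without losing accuracy.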