RP_Journal_2245-1439_421.pdf - On the Use of Machine...

On the Use of Machine Learning for Identifying Botnet Network Traffic

Matija Stevanovic and Jens Myrup Pedersen
Wireless Communication Networks Section, Department of Electronic Systems, Aalborg University, Aalborg, Denmark
Email: { mst; jens } @es.aau.dk

Received 31 August 2015; Accepted 20 November 2015; Publication 22 January 2016

Abstract

During the last decade significant scientific efforts have been invested in the development of methods that could provide efficient and effective botnet detection. As a result, an array of detection methods based on diverse technical principles and targeting various aspects of botnet phenomena have been defined. As botnets rely on the Internet for both communicating with the attacker as well as for implementing different attack campaigns, network traffic analysis is one of the main means of identifying their existence. In addition to relying on traffic analysis for botnet detection, many contemporary approaches use machine learning techniques for identifying malicious traffic. This paper presents a survey of contemporary botnet detection methods that rely on machine learning for identifying botnet network traffic. The paper provides a comprehensive overview of the existing scientific work, thus contributing to a better understanding of the capabilities, limitations and opportunities of using machine learning for identifying botnet traffic. Furthermore, the paper outlines possibilities for the future development of machine learning-based botnet detection systems.

Keywords: Botnet detection, State of the art, Comparative analysis, Traffic analysis, Machine learning.

Journal of Cyber Security, Vol. 4, 1–32. doi: 10.13052/jcsm2245-1439.421
© 2016 River Publishers. All rights reserved.

M. Stevanovic and J. M. Pedersen

1 Introduction

Botnets represent networks of computers compromised with sophisticated bot malware that puts them under the control of a remote attacker [1]. Bot malware provides the attacker with the ability to remotely control the behavior of the compromised computers through specially deployed Command and Control (C&C) communication channels. Computers compromised by the bot malware are popularly referred to as bots or zombies, while the attacker is referred to as the botmaster. Controlled and coordinated by the botmaster, botnets represent a collaborative and highly distributed platform for the implementation of a wide range of malicious and illegal activities, such as sending spam e-mails, DDoS (Distributed Denial of Service) attacks, information theft, etc. Due to their malicious potential, botnets are often regarded as one of the biggest security threats today [1, 2].

Over the course of the last decade, many botnet detection approaches have been reported in the literature, with various goals, based on diverse technical principles and varying assumptions about bot behavior and the characteristics of botnet network activity [2–4]. As botnets rely on the Internet for both communicating with the attacker as well as for implementing different attack
