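@comment{Conference paper (CyberSA 2015) evaluating Random Forests traffic classification over TCP, UDP and DNS for botnet detection. Review note: month = aug does not obviously agree with the conference dates recorded in the note field (08-06-2015 through 09-06-2015, day/month order not stated); confirm against the DOI record. Author names are stored in unambiguous "Last, First" form without bracing the given names, so styles can abbreviate them.}
@inproceedings{42e92cf2fcc84aaaaccd3b8efa3aad5b,
  author    = {Stevanovic, Matija and Pedersen, Jens Myrup},
  title     = {An analysis of network traffic classification for botnet detection},
  booktitle = {The proceedings of International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015},
  series    = {International Conference on Cyber Situational Awareness, Data Analytics and Assessment Proceedings. (cyberSA)},
  publisher = {IEEE Press},
  year      = {2015},
  month     = aug,
  doi       = {10.1109/CyberSA.2015.7361120},
  isbn      = {9781467367974},
  language  = {English},
  keywords  = {Botnet, Botnet Detection, Traffic Analysis, Traffic Classification, MLAs, Random Forests, Features Selection},
  abstract  = {Botnets represent one of the most serious threats to the Internet security today. This paper explores how can network traffic classification be used for accurate and efficient identification of botnet network activity at local and enterprise networks. The paper examines the effectiveness of detecting botnet network traffic using three methods that target protocols widely considered as the main carriers of botnet Command and Control (C\&C) and attack traffic, i.e. TCP, UDP and DNS. We propose three traffic classification methods based on capable Random Forests classifier. The proposed methods has been evaluated through the series of experiments using traffic traces originating from 40 different bot samples and diverse non-malicious applications. The evaluation indicate accurate and time-efficient classification of botnet traffic for all three protocols. The future work will be devoted to the optimization of traffic analysis and the correlation of findings from the three analysis methods in order to identify compromised hosts within the network.},
  note      = {International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 ; Conference date: 08-06-2015 Through 09-06-2015},
}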