An efficient flow-based botnet detection using supervised machine learning

Matija Stevanovic, Jens Myrup Pedersen

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

44 Citations (Scopus)
1 Download (Pure)

Abstract

Botnet detection represents one of the most crucial prerequisites of successful botnet neutralization. This paper explores how accurate and timely detection can be achieved by using supervised machine learning as the tool for inferring malicious botnet traffic. In order to do so, the paper introduces a novel flow-based detection system that relies on supervised machine learning for identifying botnet network traffic. For use in the system we consider eight highly regarded machine learning algorithms, indicating the best performing one. Furthermore, the paper evaluates how much traffic needs to be observed per flow in order to capture the patterns of malicious traffic. The proposed system has been tested through a series of experiments using traffic traces originating from two well-known P2P botnets and diverse non-malicious applications. The results of the experiments indicate that the system is able to detect botnet traffic accurately and in a timely manner using purely flow-based traffic analysis and supervised machine learning. Additionally, the results show that, in order to achieve accurate detection, traffic flows need to be monitored for only a limited time period and number of packets per flow. This indicates strong potential for using the proposed approach within a future on-line detection framework.
Original language: English
Title of host publication: Computing, Networking and Communications (ICNC), 2014 International Conference on
Number of pages: 5
Publisher: IEEE Press
Publication date: 2014
Pages: 797-801
ISBN (Print): 978-1-4799-2358-8
DOIs: 10.1109/ICCNC.2014.6785439
Publication status: Published - 2014
Event: International Conference on Computing, Networking and Communications - Honolulu, Hawaii, United States
Duration: 3 Feb 2014 - 6 Feb 2014

Conference

Conference: International Conference on Computing, Networking and Communications
Country: United States
City: Honolulu, Hawaii
Period: 03/02/2014 - 06/02/2014
Series: International Conference on Computing, Networking and Communications

Keywords

  • Botnet
  • Botnet detection
  • Traffic analysis
  • Traffic classification
  • Machine learning

Cite this

Stevanovic, M., & Pedersen, J. M. (2014). An efficient flow-based botnet detection using supervised machine learning. In Computing, Networking and Communications (ICNC), 2014 International Conference on (pp. 797-801). IEEE Press. International Conference on Computing, Networking and Communications https://doi.org/10.1109/ICCNC.2014.6785439
@inproceedings{7c50318a4b6140d9af646466f22ccb18,
title = "An efficient flow-based botnet detection using supervised machine learning",
abstract = "Botnet detection represents one of the most crucial prerequisites of successful botnet neutralization. This paper explores how accurate and timely detection can be achieved by using supervised machine learning as the tool of inferring about malicious botnet traffic. In order to do so, the paper introduces a novel flow-based detection system that relies on supervised machine learning for identifying botnet network traffic. For use in the system we consider eight highly regarded machine learning algorithms, indicating the best performing one. Furthermore, the paper evaluates how much traffic needs to be observed per flow in order to capture the patterns of malicious traffic. The proposed system has been tested through the series of experiments using traffic traces originating from two well-known P2P botnets and diverse non-malicious applications. The results of experiments indicate that the system is able to accurately and timely detect botnet traffic using purely flow-based traffic analysis and supervised machine learning. Additionally, the results show that in order to achieve accurate detection traffic flows need to be monitored for only a limited time period and number of packets per flow. This indicates a strong potential of using the proposed approach within a future on-line detection framework.",
keywords = "Botnet, Botnet detection, Traffic analysis, Traffic classification, Machine learning",
author = "Matija Stevanovic and Pedersen, {Jens Myrup}",
year = "2014",
doi = "10.1109/ICCNC.2014.6785439",
language = "English",
isbn = "978-1-4799-2358-8",
series = "International Conference on Computing, Networking and Communications",
pages = "797--801",
booktitle = "Computing, Networking and Communications (ICNC), 2014 International Conference on",
publisher = "IEEE Press",
}
