On the Use of Machine Learning for Identifying Botnet Network Traffic

Research output: Contribution to journal › Journal article › Research › peer-review

6 Citations (Scopus)
80 Downloads (Pure)

Abstract

During the last decade significant scientific efforts have been invested in the development of methods that could provide efficient and effective botnet detection. As a result, an array of detection methods based on diverse technical principles and targeting various aspects of botnet phenomena have been defined. As botnets rely on the Internet for both communicating with the attacker as well as for implementing different attack campaigns, network traffic analysis is one of the main means of identifying their existence. In addition to relying on traffic analysis for botnet detection, many contemporary approaches use machine learning techniques for identifying malicious traffic. This paper presents a survey of contemporary botnet detection methods that rely on machine learning for identifying botnet network traffic. The paper provides a comprehensive overview on the existing scientific work thus contributing to the better understanding of capabilities, limitations and opportunities of using machine learning for identifying botnet traffic. Furthermore, the paper outlines possibilities for the future development of machine learning-based botnet detection systems.
Original language: English
Journal: Journal of Cyber Security and Mobility
Volume: 4
Issue number: 2 & 3
Number of pages: 32
ISSN: 2245-1439
DOIs: 10.13052/jcsm2245-1439.421
Publication status: Published - 22 Jan 2016
Event: CMI International Conference on Cyber Crime, Cyber Security, Privacy and Trust - AAU CPH, København, Denmark
Duration: 26 Nov 2015 to 27 Nov 2015

Conference

Conference: CMI International Conference on Cyber Crime, Cyber Security, Privacy and Trust
Location: AAU CPH
Country: Denmark
City: København
Period: 26/11/2015 to 27/11/2015

Fingerprint

Learning systems
Botnet
Internet

Keywords

  • Botnet detection
  • State of the art
  • Comparative analysis
  • Traffic analysis
  • Machine learning

Cite this

@article{fcca24d78b2447bc9d356640c1bcb7c2,
title = "On the Use of Machine Learning for Identifying Botnet Network Traffic",
abstract = "During the last decade significant scientific efforts have been invested in the development of methods that could provide efficient and effective botnet detection. As a result, an array of detection methods based on diverse technical principles and targeting various aspects of botnet phenomena have been defined. As botnets rely on the Internet for both communicating with the attacker as well as for implementing different attack campaigns, network traffic analysis is one of the main means of identifying their existence. In addition to relying on traffic analysis for botnet detection, many contemporary approaches use machine learning techniques for identifying malicious traffic. This paper presents a survey of contemporary botnet detection methods that rely on machine learning for identifying botnet network traffic. The paper provides a comprehensive overview on the existing scientific work thus contributing to the better understanding of capabilities, limitations and opportunities of using machine learning for identifying botnet traffic. Furthermore, the paper outlines possibilities for the future development of machine learning-based botnet detection systems.",
keywords = "Botnet detection, State of the art, Comparative analysis, Traffic analysis, Machine learning",
author = "Matija Stevanovic and Pedersen, {Jens Myrup}",
year = "2016",
month = "1",
day = "22",
doi = "10.13052/jcsm2245-1439.421",
language = "English",
volume = "4",
journal = "Journal of Cyber Security and Mobility",
issn = "2245-1439",
publisher = "River Publishers",
number = "2 & 3",

}

On the Use of Machine Learning for Identifying Botnet Network Traffic. / Stevanovic, Matija; Pedersen, Jens Myrup.

In: Journal of Cyber Security and Mobility, Vol. 4, No. 2 & 3, 22.01.2016.
