Detection of botnet by analyzing network traffic flow characteristics using open source tools

Title: Detection of botnet by analyzing network traffic flow characteristics using open source tools
Publication Type: Conference Paper
Year of Publication: 2015
Authors: Shanthi, K., Seenivasan, D.
Conference Name: 2015 IEEE 9th International Conference on Intelligent Systems and Control (ISCO)
Date Published: Jan
ISBN Number: 978-1-4799-6480-2
Keywords: Bluetooth, Bot, bot host classification, Bot master, bot masters, Botnet, botnet activity detection, Botnet cloud, botnet detection technique, C&C channels, click fraud, Computer crime, computer network security, Conferences, cyber threat, cybercriminal activities, DDoS, encrypted C&C channel, financial threat, fraud, invasive software, IP networks, Malware, Mobile Botnet, Mobile communication, network traffic flow characteristics analysis, open source tools, pattern classification, payload analysis, payload inspection, Payloads, phishing attack, pubcrawl170109, public domain software, Servers, telecommunication traffic

Botnets are emerging as the most serious cyber threat among the different forms of malware. Today botnets facilitate many cybercriminal activities such as DDoS, click fraud and phishing attacks. The main purpose of a botnet is to pose a massive financial threat. Many large organizations, banks and social networks have become targets of bot masters. Botnets can also be leased out to support cybercriminal activities. Recently, several research efforts have been carried out to detect bots, C&C channels and bot masters; in turn, bot masters have strengthened their activities through sophisticated techniques. Many botnet detection techniques are based on payload analysis, and most of these techniques are inefficient against encrypted C&C channels. In this paper we explore different categories of botnet and propose a detection methodology that classifies bot hosts from normal hosts by analyzing traffic flow characteristics based on time intervals instead of payload inspection. As a result, botnet activity can be detected even when encrypted C&C channels are used.

Citation Key: shanthi_detection_2015