Analysis of Network Traffic Flows for Centralized Botnet Detection

Authors

  • Pedram Amini Academic Complex of Information, Communications and Security Technologies, Malek-e-Ashtar University of Technology, Tehran, Iran
  • Reza Azmi Faculty of Engineering, Al-Zahra University, Tehran, Iran
  • Muhammad Amin Araghizadeh Department of Electrical and Computer Engineering, University of Tehran, Tehran, Iran

Keywords:

Botnet Detection, Centralized Botnet, Data Clustering, Netflow Protocol, Rule-Based Classification,

Abstract

At present, the Internet users are facing the most serious threats considering the malwares have become a powerful tool for attackers. Botnets are one of the most significant malwares. A Bot is an intelligent program run by worms, Trojans or other malicious codes that could perform a group of cyber-attacks on the Internet. Botnets are used for attacks such as stealing data, spam, denial-of-service, phishing etc. A variety of methods and algorithms have been proposed to detect botnets, in which each of them has an emphasis on specific data or methods. Using Netflow data is an effective and agile method compared to other methods in detecting botnets. This research focuses on centralized and HTTP botnets. In the proposed method, we used the hierarchical clustering, XMeans clustering, and rule-based classification. The methods helped to achieve fast and accurate recognition. Hierarchical clustering improved the speed and accuracy rate in the process of separating the flows. The X-Means algorithm led to the highest cohesion inside the clusters and the maximum distance between clusters by choosing optimal K. Using rule-based classification, each cluster with the similar flow is placed in a bot cluster, a semi-bot cluster or a normal cluster. By performing network traffic flow analysis for the proposed method, sets of botnets have been evaluated and the results indicated that more than 95% accuracy in detection. By a minimum overhead, this approach can provide botnet detection with high accuracy and speed.

Downloads

Published

2019-05-24

How to Cite

Amini, P., Azmi, R., & Araghizadeh, M. A. (2019). Analysis of Network Traffic Flows for Centralized Botnet Detection. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 11(2), 7–17. Retrieved from https://jtec.utem.edu.my/jtec/article/view/4733

Issue

Vol. 11 No. 2: April - June 2019

Section

Articles

License

TRANSFER OF COPYRIGHT AGREEMENT

The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):

  1. All proprietary right other than copyright, such as patent rights
  2. The right to make further copies of all or part of the published article for my use in classroom teaching
  3. The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
  4. The right to make copies of the published work for internal distribution within the institution that employs me

I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.