Advertisement

A Closer Look at the HTTP and P2P Based Botnets from a Detector’s Perspective

  • Fariba HaddadiEmail author
  • A. Nur Zincir-Heywood
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9482)

Abstract

Botnets are one of the main aggressive threats against cybersecurity. To evade the detection systems, recent botnets use the most common communication protocols on the Internet to hide themselves in the legitimate users traffic. From this perspective, most recent botnets are HTTP based and/or Peer-to-Peer (P2P) systems. In this work, we investigate whether such structural differences have any impact on the performance of the botnet detection systems. To this end, we studied the differences of three machine learning techniques (Decision Tree, Genetic Programming and Bayesian Networks). The investigated approaches have been previously shown effective for HTTP based botnets. We also analyze the detection models in detail to highlight any behavioural differences between these two types of botnets. In our analysis, we employed four HTTP based publicly available botnet data sets (namely Citadel, Zeus, Conficker and Virut) and four P2P based publicly available botnet data sets (namely ISOT, NSIS, ZeroAccess and Kelihos).

Keywords

Botnet detection HTTP P2P Machine learning 

Notes

Acknowledgments

This research is supported by the Canadian Safety and Security Program(CSSP) E-Security grant. The CSSP is led by the Defense Research and Development Canada, Centre for Security Science (CSS) on behalf of the Government of Canada and its partners across all levels of government, response and emergency management organizations, nongovernmental agencies, industry and academia.

References

  1. 1.
  2. 2.
    Alpaydin, E.: Introduction to Machine Learning. MIT Press, Cambridge (2004)Google Scholar
  3. 3.
    Beigi, E.B., Jazi, H., Stakhanova, N., Ghorbani, A.: Towards effective feature selection in machine learning-based botnet detection approaches. In: Communications and Network Security (CNS) (2014)Google Scholar
  4. 4.
  5. 5.
    Feily, M., Shahrestani, A.: A survey of botnet and botnet detection emerging security information. In: Systems and Technologies (2009)Google Scholar
  6. 6.
    Garcia, S.: Malware capture facility project, cvut university, February 2013. https://agents.fel.cvut.cz/malware-capture-facility
  7. 7.
    Garcia, S., Grill, M., Stiborek, J., Zunino, A.: An empirical comparison of botnet detection methods. Comput. Secur. 45, 100–123 (2014)CrossRefGoogle Scholar
  8. 8.
    Haddadi, F., Cong, D.L., Porter, L., Zincir-Heywood, A.N.: On the effectiveness of different botnet detection approaches. In: ISPEC (2015)Google Scholar
  9. 9.
    Haddadi, F., Runkel, D., Zincir-Heywood, A., Heywood, M.: On botnet behaviour analysis using GP and C4.5. In: Gecco Companion (2014)Google Scholar
  10. 10.
    Haddadi, F., Zincir-Heywood, A.N.: Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification. IEEE Syst. J. PP(99), 1–12 (2014). doi: 10.1109/JSYST.2014.2364743. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6963332&tag=1
  11. 11.
    Haddadi, F., Zincir-Heywood, A.N.: Botnet detection system analysis on the effect of botnet evolution and feature representation. In: Gecco Companion (2015)Google Scholar
  12. 12.
    Kirubavathi, V., Nadarajan, R.: Http botnet detection using adaptive learning rate multilayer feed-forward neural network. In: Information Security Theory, Practice: Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems (2012)Google Scholar
  13. 13.
    Lichodzijewski, P., Heywood, M.I.: Coevolutionary bid-based genetic programming for problem decomposition in classification. Genet. Program. Evolvable Mach. 9, 331–365 (2008)CrossRefGoogle Scholar
  14. 14.
    RFC 2722, October 1999. http://tools.ietf.org/html/rfc2722
  15. 15.
    Vuong, S.T., Alam, M.S.: Advanced methods for botnet intrusion detection systems. In: Intrusion Detection Systems (2011)Google Scholar
  16. 16.
    Wang, K., Huang, C., Lin, S., Lin, Y.: A fuzzy pattern-based filtering algorithm for botnet detection. Comput. Netw. 55, 3275–3286 (2011)CrossRefGoogle Scholar
  17. 17.
    Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., Kirda, E.: Automatically generating models for botnet detection. In: Backes, Michael, Ning, Peng (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 232–249. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Zhang, J., Perdisci, R., Lee, U.S.W., Luo, Z.: Detecting stealthy p2p botnets using statistical traffic fingerprints. In: Dependable Systems and Networks (DSN) (2011)Google Scholar
  19. 19.
    Zhao, D., Traore, I., Sayed, B., Lu, W., Saad, S., Ghorbani, A., Garant, D.: Botnet detection based on traffic behavior analysis and flow intervals. Comput. Secur. J. 39, 2–16 (2013). doi: 10.1016/j.cose.2013.04.007. http://www.sciencedirect.com/science/article/pii/S0167404813000837. Part ACrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Faculty of Computer ScienceDalhousie UniversityHalifaxCanada

Personalised recommendations