Classification Based Network Layer Botnet Detection

  • Shivangi Garg
  • R. M. Sharma
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 712)


Botnets have emerged as a major cyber security menace faced by institutions as well as the general population around the world. They have matured into the primary carrier for launching the most serious threats, such as DDoS attacks, spreading of spam, stealing of users' sensitive information (banking information, credit card details, etc.) and more. Generally, the community of common users is unaware of security standards, which makes them even more susceptible to bot attacks. A substantial amount of research on botnet detection and analysis has been done, but little work has gone into contributing a community-driven tool for bots. We propose an idea to perform filtration and classification on the data received by BotFlex, which can reduce processing overhead and improve the throughput of the IDS. BotFlex has a limited set of detection parameters, which are extended in our proposed approach.
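The filter-then-classify idea in the abstract, as an added illustrative example (this is not the paper's method and not BotFlex or Bro code; the record format, address ranges, thresholds, feature choice and sample flows are all assumptions made for illustration):

```python
"""Illustrative filter-then-classify pipeline over network-layer flow records.

Constructed example; it is not the paper's method nor BotFlex/Bro code. The
record format, thresholds, address ranges and sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import pstdev


@dataclass(frozen=True)
class Flow:
    """One connection record (fields modelled loosely on a Bro/Zeek conn log)."""
    ts: float        # start time, seconds
    src: str         # originator IP
    dst: str         # responder IP
    dport: int       # responder port
    proto: str
    orig_bytes: int  # bytes sent by the originator


# Constructed sample: 10.0.0.7 contacts one external host every 60 s with an
# identical payload size (beacon-like); 10.0.0.9 browses irregularly; the rest
# are flows the filtration stage should discard before classification.
SAMPLE_FLOWS = [
    *[Flow(1000.0 + 60 * i, "10.0.0.7", "198.51.100.20", 443, "tcp", 312) for i in range(6)],
    Flow(1003.0, "10.0.0.7", "10.0.0.1", 53, "udp", 64),       # internal-only
    Flow(1063.0, "10.0.0.7", "10.0.0.1", 53, "udp", 64),       # internal-only
    Flow(1010.0, "10.0.0.9", "203.0.113.5", 443, "tcp", 900),  # allow-listed server
    Flow(1020.0, "10.0.0.9", "198.51.100.77", 80, "tcp", 1400),
    Flow(1027.0, "10.0.0.9", "198.51.100.77", 80, "tcp", 5200),
    Flow(1150.0, "10.0.0.9", "198.51.100.77", 80, "tcp", 730),
    Flow(1200.0, "192.0.2.8", "10.0.0.7", 22, "tcp", 80),      # inbound, not monitored here
]

MONITORED = ip_network("10.0.0.0/8")  # assumed internal range
ALLOWLIST = {"203.0.113.5"}           # hypothetical known-good destination
MIN_FLOWS = 4          # enough samples to judge timing regularity
MAX_GAP_CV = 0.10      # max coefficient of variation of inter-flow gaps
MAX_SIZE_VARIETY = 2   # distinct originator byte counts tolerated


def filter_flows(flows):
    """Filtration stage: keep only outbound flows from monitored hosts to
    non-allow-listed external destinations, so the classifier sees less data."""
    kept = []
    for f in flows:
        src_internal = ip_address(f.src) in MONITORED
        dst_internal = ip_address(f.dst) in MONITORED
        if not src_internal or dst_internal or f.dst in ALLOWLIST:
            continue
        kept.append(f)
    return kept


def classify_flows(flows):
    """Classification stage: label each (src, dst, dport) group using two
    network-layer features, timing regularity and payload-size uniformity."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport)].append(f)
    verdicts = {}
    for key, fs in groups.items():
        fs.sort(key=lambda f: f.ts)
        if len(fs) < MIN_FLOWS:
            verdicts[key] = "benign"
            continue
        gaps = [b.ts - a.ts for a, b in zip(fs, fs[1:])]
        mean_gap = sum(gaps) / len(gaps)
        gap_cv = pstdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        sizes = {f.orig_bytes for f in fs}
        regular = gap_cv <= MAX_GAP_CV and len(sizes) <= MAX_SIZE_VARIETY
        verdicts[key] = "suspicious-beacon" if regular else "benign"
    return verdicts


def run_pipeline(flows):
    """Return (input count, count after filtration, set of suspicious groups)."""
    kept = filter_flows(flows)
    verdicts = classify_flows(kept)
    suspicious = {k for k, v in verdicts.items() if v != "benign"}
    return len(flows), len(kept), suspicious


if __name__ == "__main__":
    total, kept, suspicious = run_pipeline(SAMPLE_FLOWS)
    print(f"{total} flows in, {kept} passed to classifier")
    for key in sorted(suspicious):
        print("suspicious:", key)
```

On the constructed sample the filtration stage passes 9 of 13 flows to the classifier, and only the evenly spaced, fixed-size group is flagged; the point of the two stages is that the cheaper filter removes traffic the classifier would otherwise have to score.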


Keywords: Botnet · Network layer · Filtration · Classification · Behaviour-based IDS



Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. Department of Computer Engineering, National Institute of Technology, Kurukshetra, India
