Improving Intrusion Detection on Snort Rules for Botnets Detection

  • Conference paper
  • First Online:
Information Science and Applications (ICISA) 2016

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 376))

Abstract

Botnets have become a serious problem in network security, and an organization needs solutions that protect its data and network systems to reduce the risk they pose. The Snort Intrusion Detection System (Snort-IDS) is widely used network security software that matches its rules against packet traffic, and some existing rules can detect Botnets. This paper improves the Snort-IDS rules for Botnets detection and analyzes Botnets behaviors in three rule files: Botnets_attack_1.rules, Botnets_attack_2.rules, and Botnets_attack_3.rules. We use the MCFP dataset, which includes five capture files (CTU-Malware-Capture-Botnet-42, CTU-Malware-Capture-Botnet-43, CTU-Malware-Capture-Botnet-47, CTU-Malware-Capture-Botnet-49, and CTU-Malware-Capture-Botnet-50), together with the three Snort-IDS rule files. The paper focuses on evaluating the three rule files for efficiency of detection and for fallibility of Botnets detection, and the performance of each rule is evaluated by detecting each packet. The experimental results show that the Botnets_attack_1.rules file detects up to 809075 alerts, with efficiency of detection and fallibility of 94.81% and 5.17%, respectively. The Botnets_attack_2.rules file detects up to 836191 alerts, with efficiency of detection and fallibility of 97.81% and 2.90%, respectively. The Botnets_attack_3.rules file detects 822711 alerts, with 93.72% efficiency of detection and 6.27% fallibility. The Botnets_attack_2.rules file is the most proficient rule file for Botnets detection, because it has the highest efficiency of detection and the lowest fallibility.
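To make the kind of evaluation described in the abstract concrete, the following is an added Python example, not code from the paper, from the Snort project, or from the MCFP dataset. It parses Snort alert_fast output lines, scores each alert against a list of hosts labelled as infected (the CTU captures label hosts rather than packets), and reports efficiency of detection and fallibility as the share of alerts that land on infected versus clean hosts, plus a per-SID count of false positives as a tuning aid. The alert lines, the infected-host labels, the rule SIDs and messages, the IPv4-only address pattern, and that metric definition are all constructed assumptions for this example; the paper's exact metric definitions are not given on this page.

```python
import re
from collections import Counter

# Grammar of one Snort alert_fast line (constructed for this example; IPv4 only).
# The optional [Classification: ...] field and the optional ports cover rules
# without a classtype and protocols without ports such as ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed ground-truth labels: hosts known to be infected in the capture.
INFECTED_HOSTS = {"10.0.2.15", "10.0.2.103"}

# Constructed alert_fast output; SIDs 1000001-1000004 are placeholders, not real rules.
SAMPLE_ALERTS = """\
08/10-14:03:55.123456  [**] [1:1000001:1] BOTNET C2 beacon over HTTP [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:49152 -> 203.0.113.5:80
08/10-14:03:56.000120  [**] [1:1000001:1] BOTNET C2 beacon over HTTP [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.103:51000 -> 203.0.113.5:80
08/10-14:04:01.450000  [**] [1:1000002:2] BOTNET IRC NICK from internal host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:49160 -> 198.51.100.9:6667
08/10-14:04:07.000000  [**] [1:1000003:1] BOTNET DNS burst [**] [Priority: 2] {UDP} 10.0.2.103:53011 -> 10.0.2.1:53
08/10-14:04:09.222222  [**] [1:1000003:1] BOTNET DNS burst [**] [Priority: 2] {UDP} 10.0.2.44:53022 -> 10.0.2.1:53
08/10-14:04:12.000000  [**] [1:1000004:1] BOTNET ICMP keepalive [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15 -> 203.0.113.5
08/10-14:04:15.000000  [**] [1:1000001:1] BOTNET C2 beacon over HTTP [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.44:51212 -> 203.0.113.77:80
08/10-14:04:20.000000  [**] [1:1000002:2] BOTNET IRC NICK from internal host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 198.51.100.9:6667 -> 10.0.2.15:49160
this line is not an alert and is skipped by the parser
"""


def parse_alerts(text):
    """Parse alert_fast lines into dicts; malformed or blank lines are skipped."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        alerts.append({
            "sid": int(d["sid"]),
            "msg": d["msg"],
            "proto": d["proto"],
            "src": d["src"],
            "dst": d["dst"],
        })
    return alerts


def evaluate_rules(alerts, infected_hosts):
    """Score alerts against labelled hosts (assumed metric definitions).

    An alert whose source or destination is a labelled infected host counts as
    a true positive; any other alert is a false positive. Efficiency is the
    percentage of true positives among all alerts, fallibility the percentage
    of false positives, each rounded to two decimals.
    """
    tp = fp = 0
    fp_by_sid = Counter()
    for a in alerts:
        if a["src"] in infected_hosts or a["dst"] in infected_hosts:
            tp += 1
        else:
            fp += 1
            fp_by_sid[a["sid"]] += 1
    total = tp + fp
    if total == 0:
        return {"alerts": 0, "tp": 0, "fp": 0,
                "efficiency": 0.0, "fallibility": 0.0, "fp_by_sid": {}}
    return {
        "alerts": total,
        "tp": tp,
        "fp": fp,
        "efficiency": round(100.0 * tp / total, 2),
        "fallibility": round(100.0 * fp / total, 2),
        "fp_by_sid": dict(fp_by_sid),
    }


def run_example():
    """Evaluate the constructed alerts against the constructed labels."""
    return evaluate_rules(parse_alerts(SAMPLE_ALERTS), INFECTED_HOSTS)


if __name__ == "__main__":
    r = run_example()
    print(f"alerts={r['alerts']} tp={r['tp']} fp={r['fp']} "
          f"efficiency={r['efficiency']}% fallibility={r['fallibility']}%")
    for sid, n in sorted(r["fp_by_sid"].items()):
        print(f"  sid {sid}: {n} false-positive alert(s), candidate for tuning")
```

Run against a real capture, the same scoring would take the alert file Snort wrote for one rule set and the dataset's infected-host list; the per-SID false-positive counter is what points at the specific rules worth tightening before comparing rule sets by their aggregate efficiency and fallibility.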

Corresponding author: Youksamay Chanthakoummane.

Copyright information

© 2016 Springer Science+Business Media Singapore

Cite this paper

Chanthakoummane, Y., Saiyod, S., Benjamas, N., Khamphakdee, N. (2016). Improving Intrusion Detection on Snort Rules for Botnets Detection. In: Kim, K., Joukov, N. (eds) Information Science and Applications (ICISA) 2016. Lecture Notes in Electrical Engineering, vol 376. Springer, Singapore. https://doi.org/10.1007/978-981-10-0557-2_74

  • DOI: https://doi.org/10.1007/978-981-10-0557-2_74

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-0556-5

  • Online ISBN: 978-981-10-0557-2
