An Effective Conversation-Based Botnet Detection Method

الملخص EN

A botnet is one of the most grievous threats to network security since it can evolve into many attacks, such as Denial-of-Service (DoS), spam, and phishing.

However, current detection methods are inefficient to identify unknown botnet.

The high-speed network environment makes botnet detection more difficult.

To solve these problems, we improve the progress of packet processing technologies such as New Application Programming Interface (NAPI) and zero copy and propose an efficient quasi-real-time intrusion detection system.

Our work detects botnet using supervised machine learning approach under the high-speed network environment.

Our contributions are summarized as follows: (1) Build a detection framework using PF_RING for sniffing and processing network traces to extract flow features dynamically.

(2) Use random forest model to extract promising conversation features.

(3) Analyze the performance of different classification algorithms.

The proposed method is demonstrated by well-known CTU13 dataset and nonmalicious applications.

The experimental results show our conversation-based detection approach can identify botnet with higher accuracy and lower false positive rate than flow-based approach.