Pattern Extraction Algorithm for NetFlow-Based Botnet Activities Detection

الملخص EN

As computer and network technologies evolve, the complexity of cybersecurity has dramatically increased.

Advanced cyber threats have led to current approaches to cyber-attack detection becoming ineffective.

Many currently used computer systems and applications have never been deeply tested from a cybersecurity point of view and are an easy target for cyber criminals.

The paradigm of security by design is still more of a wish than a reality, especially in the context of constantly evolving systems.

On the other hand, protection technologies have also improved.

Recently, Big Data technologies have given network administrators a wide spectrum of tools to combat cyber threats.

In this paper, we present an innovative system for network traffic analysis and anomalies detection to utilise these tools.

The systems architecture is based on a Big Data processing framework, data mining, and innovative machine learning techniques.

So far, the proposed system implements pattern extraction strategies that leverage batch processing methods.

As a use case we consider the problem of botnet detection by means of data in the form of NetFlows.

Results are promising and show that the proposed system can be a useful tool to improve cybersecurity.