Title: Detecting botnet using traffic behaviour analysis and extraction of effective flow features
Authors: Sanaz Feizi; Hamidreza Ghaffari
Addresses: Department of Computer Engineering, Islamic Azad University, Ferdows Branch, Ferdows, Iran; Department of Computer Engineering, Islamic Azad University, Ferdows Branch, Ferdows, Iran
Abstract: Botnets are among the most serious attack infrastructures, causing irreversible damage to systems and networks, and because attacks using them occur constantly it is important to detect and prevent them. In this paper, the botnet detection methods proposed to date are analysed, and based on that analysis a botnet detection method and an effective flow-feature extraction method are proposed. The proposed method can detect and identify bots not only during the attack phase but also in the command-and-control (C&C) phase of the botnet life cycle, before they can attack the system or network. The proposed model detects botnet-related C&C traffic through traffic behaviour analysis: flows are classified on a selected set of effective network flow-based features, and because the classification relies on flow features rather than packet content, it can also detect botnet activity in encrypted traffic. The paper is therefore expected to be a useful reference for further studies of botnet detection methods.
Keywords: botnet detection; network flow; traffic behaviour analysis; random forest; intrusion detection.
DOI: 10.1504/IJITST.2022.119672
International Journal of Internet Technology and Secured Transactions, 2022 Vol.12 No.1, pp.49 - 60
Received: 08 Apr 2020
Accepted: 28 Sep 2020
Published online: 14 Dec 2021