Botnet Detection via mining of network traffic flow

Abstract During the past decade, botnets have emerged as a very serious threat to cyber security, proving their capability of compromising billions of computers and making them do illegal work. There are a number of existing ways by which a botnet can be detected, and a comprehensive overview of these existing techniques is also given in this paper. Because of the huge amount of data involved, detection of botnets using machine learning algorithms has become a major trend. In this paper, we use machine learning to train classifiers on a specific network flow dataset. Thereafter, the trained classifiers are applied to the collected data in order to evaluate the results. Analysis of network flow data is used as the method of detection because it does not depend on packet content, which gives it immunity to the latest forms of encryption and obfuscation used by attackers to hide their bots. The results clearly show that the proposed method is capable of differentiating normal traffic from bot traffic with high accuracy and a low false positive rate. In addition, almost every type of botnet can be detected using the proposed model.