Behaviour analysis of machine learning algorithms for detecting P2P botnets

Botnets have emerged as a powerful threat on the Internet as it is being used to carry out cybercrimes. In this paper, we have analysed some machine learning techniques to detect peer to peer (P2P) botnets. As the detection of P2P botnets is widely unexplored area, we have focused on it. We experimented with different machine learning (ML) algorithms to compare their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Experiments are performed on the dataset containing the traces of various P2P botnets. Results and tradeoffs obtained of different ML algorithms on different metrics are presented at the end of the paper.

[1]  Shu-Chiung Lin,et al.  A novel method of mining network flow to detect P2P botnets , 2012, Peer-to-Peer Networking and Applications.

[2]  Thomas Hofmann,et al.  Non-redundant data clustering , 2006, Knowledge and Information Systems.

[3]  Vinod Yegneswaran,et al.  An Inside Look at Botnets , 2007, Malware Detection.

[4]  Leyla Bilge,et al.  Automatically Generating Models for Botnet Detection , 2009, ESORICS.

[5]  Vinod Yegneswaran,et al.  BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation , 2007, USENIX Security Symposium.

[6]  Ali A. Ghorbani,et al.  Detecting P2P botnets through network behavior analysis and machine learning , 2011, 2011 Ninth Annual International Conference on Privacy, Security and Trust.

[7]  Heikki Mannila,et al.  Principles of Data Mining , 2001, Undergraduate Topics in Computer Science.

[8]  Andreas Terzis,et al.  A multifaceted approach to understanding the botnet phenomenon , 2006, IMC '06.

[9]  Mrinal Kanti Ghose,et al.  A Framework for P2P Botnet Detection Using SVM , 2012, 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.

[10]  Salvatore J. Stolfo,et al.  Data Mining Approaches for Intrusion Detection , 1998, USENIX Security Symposium.

[11]  Guofei Gu,et al.  BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection , 2008, USENIX Security Symposium.

[12]  Ian H. Witten,et al.  Weka: Practical machine learning tools and techniques with Java implementations , 1999 .

[13]  Heejo Lee,et al.  Botnet Detection by Monitoring Group Activities in DNS Traffic , 2007, 7th IEEE International Conference on Computer and Information Technology (CIT 2007).

[14]  Dan Liu,et al.  A P2P-Botnet detection model and algorithms based on network streams analysis , 2010, 2010 International Conference on Future Information Technology and Management Engineering.

[15]  Felix C. Freiling,et al.  Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks , 2005, ESORICS.

[16]  Philip S. Yu,et al.  Top 10 algorithms in data mining , 2007, Knowledge and Information Systems.

[17]  W. Timothy Strayer,et al.  Using Machine Learning Techniques to Identify Botnet Traffic , 2006 .

[18]  Farnam Jahanian,et al.  The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets , 2005, SRUTI.

[19]  Thorsten Holz,et al.  Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation , 2007, HotBots.

[20]  Felix C. Freiling,et al.  The Nepenthes Platform: An Efficient Approach to Collect Malware , 2006, RAID.