Data Confirmation for Botnet Traffic Analysis

In this paper, we propose a systematic approach to generate botnet traffic. Given the lack of benchmarking botnet traffic data, we anticipate that such an endeavour will be beneficial to the research community. To this end, we employ the proposed approach to generate the communication phase of the Zeus and Citadel botnet traffic as a case study. We evaluate the characteristics of the generated data against the characteristics of a sandbox Zeus botnet, as well as the Zeus and Citadel botnet captures in the wild provided by NETRESEC and Snort. Our analysis confirms that the generated data is comparable to the data captured in the wild.
