Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Year of publication: 2014
Volume: 67
Issue: 2
Publisher: Journal of Theoretical and Applied
Abstract: Botnets are among the most widespread and common elements of today's cyber-attacks, posing serious threats to network assets and organizations' property; hence there is a strong need to detect bots and prevent their adverse effects. Botnets are collections of compromised computers (bots) that are remotely controlled by their originator (the bot-master) through a common Command-and-Control (C&C) infrastructure. This paper focuses on classifying the bots and the regular hosts in the network through classification based on their behavior. The goal is to develop a live version of a botnet detection system that identifies botnet activity in a network based on traffic behavior analysis and flow intervals, which does not depend on the packet payload, i.e., it can work over encrypted network communication protocols. The approach is to classify packets based on source IP, destination IP, number of packets, etc., using a decision tree, which is a classification technique in machine learning. The attribute selection is based mainly on packet attributes and does not consider the data part. The feasibility of the approach lies in detecting botnet activity without having seen a complete network flow, by classifying behavior based on time intervals.