期刊名称:International Journal of Future Generation Communication and Networking
印刷版ISSN:2233-7857
出版年度:2013
卷号:6
期号:6
页码:81-90
出版社:SERSC
摘要:Botnet is most widespread and occurs commonly in today's cyber attacks and they become one of the most serious threats on the Internet. Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols and structures, and can become ineffective as Botnets change their structure and C&C techniques. In this paper, we proposed a new general detection strategy. This proposed strategy was based on degree distributions of node and anomaly net flows, and combined data mining technology. In this scheme, we first constructed accurate traffic profile based on packet behavioral mode, and then introduced dialog flow to draw traffic profile of node. Finally we set up degree distributions of node and group and applied the degree distributions of node as input of data mining, which were then classified and distinguished to obtain reliable results with acceptable accuracy. The advantages of our proposed detection method is that there is no need for prior knowledge of Botnets such as Botnet signature and the accuracy of the experiment results is as much as 99%. The FP rate and the FN rate can be controlled within 3%, the best is almost 0.
关键词:botnet; botnet detection; degree distribution; data mining
