Using Unsupervised Machine Learning to Detect Peer-to-Peer Botnet Flows
The war against botnet infection is fought every day by users who want to feel safe from the threat of compromised hosts. In this paper we focus on the behavior of Peer-to-Peer (P2P) botnets, which, along with hybrid botnets, are a growing trend among attackers. The main approach consists of a behavior comparison among features extracted from network flows, focusing only on the flows from P2P applications, including P2P botnets.
Copyright (c) 2016 Proceedings of Engineering and Technology Innovation
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.