Using Unsupervised Machine Learning to Detect Peer-to-Peer Botnet Flows
Keywords:
clusters, network flows, P2P botnets, unsupervised learning
Abstract
The war against botnet infection is fought every day by users who want to feel safe against any threat of compromised hosts. In this paper we focus on the behavior of peer-to-peer (P2P) botnets, which, along with hybrid botnets, are a growing trend among attackers. The main approach consists of a behavior comparison among features extracted from network flows, focusing only on the flows from P2P applications, including P2P botnets.
License
Submission of a manuscript implies: that the work described has not been published before; that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication. Authors can retain copyright of their article with no restrictions. Also, authors can post the final, peer-reviewed manuscript version (postprint) to any repository or website.
Since Oct. 01, 2015, PETI will publish new articles with Creative Commons Attribution Non-Commercial License, under The Creative Commons Attribution Non-Commercial 4.0 International (CC BY-NC 4.0) License.
The Creative Commons Attribution Non-Commercial (CC-BY-NC) License permits use, distribution and reproduction in any medium, provided the original work is properly cited and is not used for commercial purposes.