Abstract
In this paper we propose a collaborative pattern-based filtering algorithm: a behaviour-based approach to bot detection that combines case-based reasoning with fuzzy pattern recognition. Network traces are the pivotal input and are used to inspect bot-relevant domain names and IP addresses. The method extracts traffic features and performs case-based reasoning on those features together with the IP address. If the address is already known, the host is classified as a known bot; if it is unknown, a fuzzy-based mapping over the extracted features is performed to decide whether it belongs to a botnet. The proposed approach reduces search time, raises prediction accuracy to 96%, and is also observed to enrich the knowledge repository as newly detected cases are retained.
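The retrieve-then-fuzzy-match pipeline the abstract describes, as an added illustration that is not code from the paper: a case base of known bot indicators (IP address or domain) is consulted first; an unknown destination is scored with fuzzy membership functions over flow features; confident hits are retained so the repository grows and later lookups are answered by retrieval alone. The feature names, membership breakpoints, weights, the 0.6 threshold and the sample flows are assumptions constructed for this example, not values from the paper.

```python
"""
Toy case-based-reasoning + fuzzy scoring classifier for destination
addresses seen in flow summaries.  Everything here (features, breakpoints,
weights, threshold, sample data) is assumed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Case:
    """One retained case: its label, the feature vector it was seen with,
    and how many times retrieval has matched it since."""
    label: str
    features: dict
    hits: int = 0


# Constructed flow summaries (one per source host and destination).
# Values are made up for the example and are not traffic from the paper.
SAMPLE_FLOWS: List[dict] = [
    {"src": "10.0.0.5", "dst": "203.0.113.7", "domain": "cdn.example.net",
     "flows_per_hour": 12, "interval_cv": 0.90, "bytes_mean": 48000, "nxdomain_ratio": 0.00},
    {"src": "10.0.0.9", "dst": "198.51.100.23", "domain": "c2.bad.example",
     "flows_per_hour": 60, "interval_cv": 0.05, "bytes_mean": 310, "nxdomain_ratio": 0.40},
    {"src": "10.0.0.12", "dst": "192.0.2.44", "domain": "x9q2.example.org",
     "flows_per_hour": 58, "interval_cv": 0.08, "bytes_mean": 260, "nxdomain_ratio": 0.35},
]


def seed_case_base() -> Dict[str, Case]:
    """Knowledge repository seeded with indicators already known as bot C2
    (constructed for the example)."""
    known = {"flows_per_hour": 60, "interval_cv": 0.05, "bytes_mean": 310, "nxdomain_ratio": 0.40}
    return {"c2.bad.example": Case("bot", known), "198.51.100.23": Case("bot", known)}


def ramp(x: float, lo: float, hi: float) -> float:
    """Linear membership function: 0 at or below lo, 1 at or above hi."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)


def fuzzy_bot_score(rec: dict) -> float:
    """Weighted aggregation of four 'bot-like' fuzzy memberships.
    Breakpoints and weights are assumed; tune them on labelled traffic."""
    beaconing = 1.0 - ramp(rec["interval_cv"], 0.05, 0.50)    # very regular timing
    small_payload = 1.0 - ramp(rec["bytes_mean"], 400, 4000)   # tiny keep-alive flows
    chatty = ramp(rec["flows_per_hour"], 10, 50)               # many short flows
    dns_failures = ramp(rec["nxdomain_ratio"], 0.05, 0.30)     # DGA-style NXDOMAIN rate
    weighted = ((beaconing, 0.35), (small_payload, 0.25), (chatty, 0.20), (dns_failures, 0.20))
    return sum(m * w for m, w in weighted)


def classify(rec: dict, case_base: Dict[str, Case], threshold: float = 0.6) -> Tuple[str, str, float]:
    """Retrieve by destination IP or domain first; otherwise score with the
    fuzzy mapping; retain confident bot verdicts.  Returns (label, how, score)."""
    for key in (rec["dst"], rec["domain"]):
        case = case_base.get(key)
        if case is not None:
            case.hits += 1
            return (case.label, "case-based", 1.0)
    score = fuzzy_bot_score(rec)
    if score >= threshold:
        feats = {k: rec[k] for k in ("flows_per_hour", "interval_cv", "bytes_mean", "nxdomain_ratio")}
        for key in (rec["dst"], rec["domain"]):
            case_base[key] = Case("bot", feats)   # retention: the repository grows
        return ("bot", "fuzzy", score)
    return ("benign", "fuzzy", score)


def run_demo(flows: List[dict] = SAMPLE_FLOWS):
    """Classify each flow in order; return the verdicts and the grown case base."""
    case_base = seed_case_base()
    verdicts = [classify(f, case_base) for f in flows]
    return verdicts, case_base


if __name__ == "__main__":
    verdicts, cb = run_demo()
    for f, (label, how, score) in zip(SAMPLE_FLOWS, verdicts):
        print(f"{f['src']} -> {f['dst']} ({f['domain']}): {label} via {how}, score={score:.2f}")
    print("case base now holds", len(cb), "indicators")
```

The second flow is answered by retrieval alone because its domain and address are already in the case base, which is where the search-time saving comes from; the third is unknown, scores high on the fuzzy mapping, and is retained so that a repeat of the same destination is then a case-based hit. The membership breakpoints are the part a deployment must fit to its own labelled traffic; as written they will misjudge legitimate services that poll on a fixed schedule.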
Cite this article
Panimalar, P., Rameshkumar, K. A Novel Traffic Analysis Model for Botnet Discovery in Dynamic Network. Arab J Sci Eng 44, 3033–3042 (2019). https://doi.org/10.1007/s13369-018-3319-7