Botnet Traffic Detection Techniques by C&C Session Classification Using SVM

  • Conference paper
Advances in Information and Computer Security (IWSEC 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4752)

Abstract

Bots, a new class of malicious programs, are hard to detect with signature-based pattern-matching techniques.

In this research, we focused on a function unique to bots: the remote control channel (the C&C session). We show that the C&C session has distinctive characteristics that arise from the behavior of bot programs. Accordingly, we propose an alternative technique for identifying computers compromised by a bot program: classifying C&C sessions in traffic data with a machine learning algorithm, the support vector machine (SVM). In our evaluation, SVM identified C&C sessions with 95% accuracy. We also found that the packet histogram vector of a session outperforms the other vector definitions we evaluated for classifying bot C&C sessions.
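The abstract names the packet histogram vector as the session feature that worked best, but does not spell out how such a vector is built. The following is an added example, not code from the paper or its authors, that turns per-session packet records into normalised packet-size histograms so they can be fed to a classifier. The bin edges, the optional per-direction split and the nearest-centroid stand-in for the SVM are this example's own assumptions; the session records are constructed, not captured traffic.

```python
"""Packet-size histogram features per session (added example, not the paper's code).

Assumed definition: a session maps to a fixed-length vector whose entries count
the packets whose size falls in each size bin, normalised to sum to 1 so that
long and short sessions are comparable.  The bin edges below are this example's
own choice, not the paper's.
"""
from collections import defaultdict
from math import sqrt

# Exclusive upper bounds of the size bins, in bytes; the last bin is open-ended.
BIN_UPPER = [64, 128, 256, 512, 1024, float("inf")]
N_BINS = len(BIN_UPPER)


def bin_index(size):
    """Return the index of the size bin a packet of `size` bytes falls into."""
    for i, upper in enumerate(BIN_UPPER):
        if size < upper:
            return i
    return N_BINS - 1  # not reached: the last bound is +inf


def session_histograms(packets, by_direction=False):
    """Map each session id to a normalised packet-size histogram.

    `packets` is an iterable of (session_id, direction, size) tuples, where
    direction is "c2s" (client to server) or "s2c".  With by_direction=True the
    two directions get separate histograms and the vector is their
    concatenation (length 2 * N_BINS); otherwise both directions share one.
    """
    width = 2 * N_BINS if by_direction else N_BINS
    counts = defaultdict(lambda: [0] * width)
    for session_id, direction, size in packets:
        offset = N_BINS if (by_direction and direction == "s2c") else 0
        counts[session_id][offset + bin_index(size)] += 1
    return {sid: [c / sum(vec) for c in vec] for sid, vec in counts.items()}


def euclidean(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nearest_centroid(vector, centroids):
    """Label `vector` with the class whose centroid is closest.

    Stand-in for the SVM used in the paper so the example runs without an ML
    library; the point demonstrated is the feature vector, not the classifier.
    """
    return min(centroids, key=lambda label: euclidean(vector, centroids[label]))


# Constructed sample sessions (not captured traffic).
SAMPLE_PACKETS = [
    # "irc-1": many short command/response packets, as a chat-style C&C channel produces
    *[("irc-1", "c2s", s) for s in (12, 40, 18, 20, 33, 10)],
    *[("irc-1", "s2c", s) for s in (90, 47, 70, 25)],
    # "dl-1": a short handshake followed by full-size data segments in one direction
    *[("dl-1", "c2s", s) for s in (52, 52)],
    *[("dl-1", "s2c", s) for s in (1460,) * 8],
]

if __name__ == "__main__":
    for sid, vec in session_histograms(SAMPLE_PACKETS).items():
        print(sid, [round(v, 2) for v in vec])
    for sid, vec in session_histograms(SAMPLE_PACKETS, by_direction=True).items():
        print(sid, "by direction:", [round(v, 2) for v in vec])
```

Run stand-alone, the script prints a vector concentrated in the smallest bin for the chat-like session and one concentrated in the largest bin for the bulk transfer; the per-direction variant additionally shows that the chat session's traffic is spread across both directions while the transfer's payload flows one way. Which of these vector definitions separates C&C sessions best is exactly the question the paper evaluates; this example only shows how each is computed.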


References

  1. Barford, P., Yagneswaran, V.: An Inside Look at Botnets. In: Special Workshop on Malware Detection, Advances in Information Security. Springer, Heidelberg (2006)

  2. Nepenthes Development Team: http://nepenthes.mwcollect.org/stats:scannertest

  3. Roesch, M.: Snort: Lightweight Intrusion Detection for Networks. In: 13th Systems Administration Conference (LISA 1999), pp. 229–238. USENIX Association (1999)

  4. Binkley, J.R., Singh, S.: An Algorithm for Anomaly-based Botnet Detection. In: Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), pp. 43–48 (July 2006)

  5. Oikarinen, J., Reed, D.: Internet Relay Chat Protocol. RFC 1459, Internet Engineering Task Force (1993)

  6. Ramachandran, A., Feamster, N., Dagon, D.: Revealing Botnet Membership Using DNSBL Counter-Intelligence. In: Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), pp. 49–54 (July 2006)

  7. Hanna, C.W.: Using Snort to Detect Rogue IRC Bot Programs. Technical report (October 2004)

  8. Livadas, C., Walsh, B., Lapsley, D., Strayer, T.: Using Machine Learning Techniques to Identify Botnet Traffic. In: Proceedings of the 2nd IEEE LCN Workshop on Network Security (November 2006)

  9. Nepenthes Development Team: Nepenthes - Finest Collection, available from http://nepenthes.mwcollect.org/

  10. ClamAV project: ClamAV, available from http://www.clamav.net/

  11. VMware Inc.: VMware Workstation. Software available at http://www.vmware.com/

  12. Moore, A.W., Zuev, D.: Internet Traffic Classification Using Bayesian Analysis Techniques. In: SIGMETRICS 2005: Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pp. 50–60 (2005)

  13. Bernaille, L., Teixeira, R., Akodkenou, I., Soule, A., Salamatian, K.: SIGCOMM Comput. Commun. Rev. 36(2), 23–26 (2006)

  14. Vapnik, V.N.: The Nature of Statistical Learning Theory. Springer, New York (1995)

  15. Fix, E., Hodges, J.: Discriminatory Analysis: Nonparametric Discrimination: Consistency Properties. Technical report 21-49-004, USAF School of Aviation Medicine (1951)

  16. R Development Core Team: R: A Language and Environment for Statistical Computing (2005), http://www.R-project.org, ISBN 3-900051-07-0

  17. Dimitriadou, E., Hornik, K., Leisch, F., Meyer, D., Weingessel, A.: The e1071 Package (2006), available at http://cran.r-project.org/src/contrib/Descriptions/e1071.html

  18. Chang, C.-C., Lin, C.-J.: LIBSVM: A Library for Support Vector Machines. Software (2001), available at http://www.csie.ntu.edu.tw/~cjlin/libsvm

Editor information

Atsuko Miyaji Hiroaki Kikuchi Kai Rannenberg

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kondo, S., Sato, N. (2007). Botnet Traffic Detection Techniques by C&C Session Classification Using SVM. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds) Advances in Information and Computer Security. IWSEC 2007. Lecture Notes in Computer Science, vol 4752. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75651-4_7

  • DOI: https://doi.org/10.1007/978-3-540-75651-4_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75650-7

  • Online ISBN: 978-3-540-75651-4

  • eBook Packages: Computer Science (R0)
