Traffic Feature-Based Botnet Detection Scheme Emphasizing the Importance of Long Patterns

Conference paper. Published in: Image Processing and Communications (IP&C 2019).

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1062).

Abstract

Botnet detection is imperative. Among several detection schemes, a promising one uses communication sequences. The main idea of that scheme is that communication sequences carry a distinctive feature because they are controlled by programs. A sequence is tokenized into truncated subsequences by n-gram, and the number of occurrences of each pattern is used as a feature vector. However, although the features are normalized by the total number of occurrences of all patterns, the occurrence counts for larger n are smaller than those for smaller n. That is, regardless of the value of n, the previous scheme normalizes by the total number of occurrences of all patterns. As a result, the normalized features of long patterns become very small values and are hidden by the others. To overcome this shortcoming, in this paper we propose a traffic feature-based botnet detection scheme that emphasizes the importance of long patterns. We realize this emphasis with two ideas. The first is normalizing occurrences by the total number of occurrences within each n, instead of by the total number of occurrences of all patterns. By doing this, the smaller occurrence counts for larger n are normalized by smaller values, so the features become more balanced, with larger values. The second is weighting the normalized features according to ranks computed over the normalized features. By weighting features according to their ranks, we obtain more prominent features for longer patterns. By computer simulation with a real dataset, we show the effectiveness of our scheme.
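As an added illustration of the two ideas in the abstract (this is not code from the paper), the following Python counts n-grams over a constructed token sequence, normalizes them both globally (the previous scheme) and per n (the first idea), and then applies a rank-based weighting (the second idea). The token sequence is constructed, and the exact weighting function is an assumption, since the page does not specify it.

```python
from collections import Counter
from fractions import Fraction

# Constructed example only: a tokenized communication sequence, one letter
# per flow. "S"/"R" alternate like a periodic C&C beacon; "A" is a one-off
# flow. Not data from the paper's dataset.
TOKENS = list("SRSRSRSRA")
N_VALUES = (1, 2, 3)

def ngram_counts(tokens, n_values=N_VALUES):
    """Count every n-gram for each n; keys are (n, pattern_tuple)."""
    counts = Counter()
    for n in n_values:
        for i in range(len(tokens) - n + 1):
            counts[(n, tuple(tokens[i:i + n]))] += 1
    return counts

def normalize_global(counts):
    """Previous scheme: divide every count by the total over all n."""
    total = sum(counts.values())
    return {k: Fraction(v, total) for k, v in counts.items()}

def normalize_per_n(counts):
    """First idea: divide each count by the total of its own n only."""
    totals = Counter()
    for (n, _), v in counts.items():
        totals[n] += v
    return {(n, p): Fraction(v, totals[n]) for (n, p), v in counts.items()}

def rank_weight(features):
    """Second idea: scale each normalized feature by a rank-based weight.
    Assumed form (the page does not give it): competition ranks over all
    features, rank 1 = largest, weight = (K - rank + 1) / K."""
    k = len(features)
    ordered = sorted(features.values(), reverse=True)
    rank = {v: ordered.index(v) + 1 for v in set(ordered)}  # ties share a rank
    return {key: v * Fraction(k - rank[v] + 1, k) for key, v in features.items()}

def feature_mass(features, n):
    """Total feature value held by patterns of length n, to compare schemes."""
    return sum(v for (m, _), v in features.items() if m == n)

if __name__ == "__main__":
    c = ngram_counts(TOKENS)
    for name, f in (("global", normalize_global(c)), ("per-n", normalize_per_n(c)),
                    ("per-n+rank", rank_weight(normalize_per_n(c)))):
        print(f"{name:11s} SRS = {float(f[(3, ('S', 'R', 'S'))]):.3f}")
```

On this input the 3-gram "SRS" is 3/24 under global normalization but 3/7 under per-n normalization, and the 3-grams as a group hold all of their own n's mass instead of 7/24 of the total.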



Acknowledgment

This work is partly supported by the Grant-in-Aid for Scientific Research (No. 17K06440) from the Japan Society for the Promotion of Science (JSPS).

Author information

Corresponding author: Iwao Sasase.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

An, Y., Haruta, S., Choi, S., Sasase, I. (2020). Traffic Feature-Based Botnet Detection Scheme Emphasizing the Importance of Long Patterns. In: Choraś, M., Choraś, R. (eds) Image Processing and Communications. IP&C 2019. Advances in Intelligent Systems and Computing, vol 1062. Springer, Cham. https://doi.org/10.1007/978-3-030-31254-1_22
