Botnet Detection Method Based on Permutation Entropy and Clustering Variance

Abstract

Fast developing network puts forward more complex requirements for detecting traffic abnormal behavior, but many existing methods cannot effectively curb the harm of botnet. This paper proposed a botnet detection method based on multidimensional permutation entropy and clustering variance. According to the traffic characteristics in the propagation period of bots, we used multidimensional permutation entropy to calculate the complexity of time series of network traffic, and then used cluster variance to detect the self similarity of permutation entropy model, finally the results proved the validity of this method. This method is based on the general characteristics of botnet, so we can detect all known and unknown botnets.