Abstract

A botnet is a network of remotely controlled infected computers that can send spam, spread viruses, or stage denial-of-service attacks without the consent of the computer owners. Since the beginning of the 21st century, botnet activities have steadily increased, becoming one of the major concerns for Internet security. Botnet activities are also becoming increasingly difficult to detect, because they make use of Peer-to-Peer protocols (eMule, Torrent, Frostwire, Vuze, Skype and many others). To improve the detectability of botnet activities, this paper introduces the idea of association analysis from the field of data mining, and proposes a system to detect botnets based on the FP-growth (Frequent Pattern Tree) frequent item mining algorithm. The detection system is composed of three parts: packet collection processing, rule mining, and statistical analysis of rules. Its characteristic feature is the rule-based classification of different botnet behaviors in a fast and unsupervised fashion. The effectiveness of the approach is validated in a scenario with 11 Peer-to-Peer host PCs, 42063 Non-Peer-to-Peer host PCs, and 17 host PCs with three different botnet activities (Storm, Waledac and Zeus). The recognition accuracy of the proposed architecture is shown to be above 94%. The proposed method is shown to improve on the results reported in the literature.
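To make the rule-mining stage concrete, the following added example (not the paper's code) runs FP-growth over flow records turned into item sets. The feature names, their discretization and the sample flows are assumptions constructed for illustration; the abstract does not list the features the authors use.

```python
from collections import defaultdict

class Node:
    def __init__(self, item, parent):
        self.item, self.parent, self.count, self.children = item, parent, 0, {}

def build_tree(transactions, min_support):
    """Build an FP-tree from (items, count) pairs; return (header table, supports)."""
    freq = defaultdict(int)
    for items, cnt in transactions:
        for it in items:
            freq[it] += cnt
    freq = {i: c for i, c in freq.items() if c >= min_support}
    root, header = Node(None, None), defaultdict(list)
    for items, cnt in transactions:
        # Keep frequent items only, most frequent first (ties broken by name).
        node = root
        for it in sorted((i for i in items if i in freq), key=lambda i: (-freq[i], i)):
            if it not in node.children:
                node.children[it] = Node(it, node)
                header[it].append(node.children[it])
            node = node.children[it]
            node.count += cnt
    return header, freq

def fp_growth(transactions, min_support, suffix=frozenset()):
    """Yield (itemset, support) for every itemset with support >= min_support."""
    header, freq = build_tree(transactions, min_support)
    for item, nodes in header.items():
        found = suffix | {item}
        yield found, freq[item]
        cond = []  # conditional pattern base: prefix paths above each `item` node
        for n in nodes:
            path, p = [], n.parent
            while p.item is not None:
                path.append(p.item)
                p = p.parent
            if path:
                cond.append((path, n.count))
        yield from fp_growth(cond, min_support, found)

# Constructed sample: one transaction per flow, hypothetical discretized features.
FLOWS = [{"proto=udp", "size=small", "dport=high"}] * 3 + [
    {"proto=tcp", "size=large", "dport=443"},
    {"proto=udp", "size=small", "dport=53"},
    {"proto=tcp", "size=small", "dport=443"},
]
def mine_flows(flows, min_support):
    return dict(fp_growth([(f, 1) for f in flows], min_support))
```

With a minimum support of 3, the repeated small-UDP-to-high-port pattern surfaces as a frequent item set, which is the kind of recurring combination a later rule-statistics stage would score per host.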

Highlights

  • With the continuous development of the Internet, the network has expanded from an interconnection of PCs to a mobile Internet

  • A botnet attack typically occurs as fol

  • Based on the frequent item set mining algorithm, we propose a botnet detection system comprising the following three parts


Summary

Introduction

With the continuous development of the Internet, the network has expanded from an interconnection of PCs to a mobile Internet. With the advent of 5G technology, further expansion is expected towards the Internet of Things and the Internet of Everything scenarios [1]. The amount of information exchanged over the Internet has reached unprecedented levels, but so have the threats and the need for security. Botnets have become one of the major threats to Internet security [25]. A botnet attack typically occurs as fol- Because the infected host is typically referred to as a ‘zombie host’, another popular name for a botnet is ‘zombie network’
