Bots C&C Traffic Detection Using Decision Tree Based Classifier
Beena J Stuvert (1), Soniya B (2)

(1) Beena J Stuvert, Department of Computer Science, Sree Chitra Thirunal College of Engineering, University of Kerala, Trivandrum (Kerala), India.
(2) Soniya B, Department of Computer Science, Sree Chitra Thirunal College of Engineering, University of Kerala, Trivandrum (Kerala), India.

Manuscript received on 15 August 2015 | Revised Manuscript received on 25 August 2015 | Manuscript Published on 30 August 2015 | PP: 238-242 | Volume-4 Issue-6, August 2015 | Retrieval Number: F4226084615/15©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: In recent years, botnets have been the root cause of many security problems on the Internet. A botnet is a network of compromised computers under the control of bot code. When a user visits a bot-infected site, the bot code is installed on the victim machine; once the bot code has compromised a victim machine, that machine becomes part of the botnet. Botnets are a major cause of cyber-crimes such as spamming, phishing and click fraud. A bot is a type of malware, and what distinguishes it from other classes of malware is its command and control (C&C) channel. Thus an effective way to detect a botnet is to focus on the command and control channel. This work presents a system that detects botnets based on the statistical features of the communication between bots and their botmasters, without performing packet payload inspection. The proposed system uses machine learning techniques to identify the features of the command and control channel, and from the extracted features a model is created to detect unknown bot traffic. Both classification and clustering methods are used to create the models, and the detection accuracy and false positive rate of the two methods are compared. The detection accuracy of the model is evaluated on a standard real dataset, the CTU-13 dataset. The experimental results show that both algorithms provide a very good detection rate on the CTU-13 dataset. The false positive rate of the model is evaluated using another standard dataset, the LBNL dataset. The evaluation results show that the classification algorithm has a lower false positive rate than clustering.
Keywords: Clustering, Classifier, Bots C&C Traffic Detection

Scope of the Article: Clustering
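The abstract describes a decision-tree classifier trained on statistical flow features, scored for detection rate on labelled mixed traffic (CTU-13) and for false positive rate on benign-only traffic (LBNL). The following is an added example, not the paper's code: it builds a minimal Gini-based decision tree over constructed flow records and computes both measures. The three features (flow duration, bytes per packet, packet count) and all record values are assumptions standing in for the paper's unnamed feature set and datasets.

```python
# Added example, not the paper's code; feature names and record values are assumptions. Record: (duration_s, bytes_per_pkt, pkts, label), label 1 = bot C&C flow.
from collections import Counter

TRAIN = [(0.4, 60, 4, 1), (0.5, 62, 4, 1), (0.3, 58, 5, 1), (0.6, 64, 3, 1), (0.5, 61, 4, 1),
         (0.5, 800, 4, 0), (0.4, 750, 4, 0), (30.0, 62, 40, 0), (25.0, 60, 35, 0), (12.0, 900, 40, 0)]
# Constructed labelled mixed traffic (role of CTU-13) and benign-only traffic (role of LBNL).
TEST_MIXED = [(0.45, 59, 4, 1), (0.55, 63, 4, 1), (0.35, 60, 5, 1), (0.9, 61, 6, 1),
              (0.5, 820, 5, 0), (40.0, 65, 50, 0)]
BENIGN_ONLY = [(0.5, 780, 5, 0), (20.0, 60, 30, 0), (0.4, 62, 4, 0), (8.0, 500, 12, 0), (0.2, 90, 3, 0)]

def gini(rows):
    counts = Counter(r[-1] for r in rows)
    return 1.0 - sum((c / len(rows)) ** 2 for c in counts.values())

def best_split(rows, n_features):
    # Greedy search for the (feature, threshold) pair with the lowest weighted Gini impurity.
    best = None
    for f in range(n_features):
        for t in sorted({r[f] for r in rows}):
            left = [r for r in rows if r[f] <= t]
            right = [r for r in rows if r[f] > t]
            if not left or not right:
                continue
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t, left, right)
    return best

def build_tree(rows, n_features=3, depth=0, max_depth=3):
    # Returns a leaf label, or a (feature, threshold, left_subtree, right_subtree) node.
    split = None if gini(rows) == 0.0 or depth >= max_depth else best_split(rows, n_features)
    if split is None:
        return Counter(r[-1] for r in rows).most_common(1)[0][0]
    _, f, t, left, right = split
    return (f, t, build_tree(left, n_features, depth + 1, max_depth),
            build_tree(right, n_features, depth + 1, max_depth))

def predict(tree, flow):
    while isinstance(tree, tuple):  # descend until a leaf label is reached
        f, t, left, right = tree
        tree = left if flow[f] <= t else right
    return tree

def detection_rate(tree, flows):
    # Share of labelled C&C flows the tree flags: the paper's detection-accuracy measure.
    bots = [r for r in flows if r[-1] == 1]
    return sum(predict(tree, r) == 1 for r in bots) / len(bots)

def false_positive_rate(tree, benign_flows):
    # Share of benign-only flows wrongly flagged as C&C: the paper's LBNL-style check.
    return sum(predict(tree, r) == 1 for r in benign_flows) / len(benign_flows)
```

On the constructed data the learned tree flags a flow as C&C only when it is both short and small-packet; the long bot flow in TEST_MIXED is missed and the short, small benign flow in BENIGN_ONLY is a false positive, which is exactly the trade-off the paper measures on CTU-13 versus LBNL.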