BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

Mohammed S. Gadelrab, Muhammad ElSheikh, Mahmoud A. Ghoneim, Mohsen Rashwan

Abstract


In this paper, we describe a detailed approach to develop a botnet detection system using machine learning (ML)
techniques. Detecting botnet member hosts, or identifying botnet traffic has been the main subject of many
research efforts. This research aims to overcome two serious limitations of current botnet detection systems:
First, the need for Deep Packet Inspection-DPI and the need to collect traffic from several infected hosts. To
achieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we have
identified a set of statistical features that may help to distinguish between benign and botnet malicious traffic.
Then, we have carried several machine learning experiments in order to test the suitability of ML techniques and
also to pick a minimal subset of the identified features that provide best detection. We have implemented our
approach in a tool called BotCap whose test results showed its proven ability to detect individually infected hosts
in a local network.

Full Text: PDF

Refbacks

  • There are currently no refbacks.


International Journal of Communication Networks and Information Security (IJCNIS)          ISSN: 2076-0930 (Print)           ISSN: 2073-607X (Online)