Adaptive behaviour pattern based botnet detection using traffic analysis and flow interavals

摘要

Botnets have become a rampant platform for malicious attacks, which poses a significant threat to internet security. The recent botnets have begun using common protocols such as TCP/HTTP which makes it even harder to distinguish their communication patterns. A botnet is a group of cooperated computers which are remotely controlled by hackers to launch various network attacks, such as DDoS attack, junk mail, click fraud, individuality theft and information phishing. The recent botnets have begun using common protocols such as TCP/HTTP which makes it even harder to distinguish their communication patterns. Most of the TCP/HTTP bot transportations are founded on TCP connections. Of all current threats to cyber security, botnets are at the topmost of the list. In importance, attention in this problem is increasing rapidly among the research community and the number of journals on the question has grown up exponentially in recent years. Signature based detection is not suitable for bot which are variant in nature just like TCP/HTTP bots, So behavior based technique is more suitable for TCP/HTTP botnet detection. In this work PSO and SVM model is used to differentiate legitimate user and TCP/HTTP bot.