A Botnet Detection System Based on Machine-Learning using Flow-Based Features

摘要

Botnets have always been a formidable cyber security threat. Internet of Things (IoT) has become an important technique and the number of internet-connected smart devices has been increasing by more than 15% every year. It is for this reason that botnets are growing rapidly. Although the antivirus on Personal Computer (PC) has being applied for a long time, the threats from the botnets still cannot be eliminated. Smart devices and IOT are still in their initial stages, hence there are uncertainties about the security issues. In the foreseeable future, more devices will become victims of botnets. In this paper, we propose a system for detecting potential botnets by analyzing their flows on the Internet. The system classifies similar flow traffic into groups, and then extracts the behavior patterns of each group for machine learning. The system not only can analyze P2P botnets, but also extracts the patterns to application layer and can analyze botnets using HTTP protocols.