An Enhanced Model for Network Flow Based Botnet Detection

Wijesinghe, U., Tupakula, U. and Varadharajan, V.

    A botnet is a group of hijacked computers operated under a command and control mechanism administered by a botmaster. Botnets evolved from IRC-based centralized designs to common protocols such as HTTP with decentralized architectures, and then to peer-to-peer designs. As botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with attributes that are more relevant to botnet detection, and we use the IPFIX standard for the specification of these templates. Hence our techniques can be used to detect different bot families with lower overheads and are vendor neutral.
Cite as: Wijesinghe, U., Tupakula, U. and Varadharajan, V. (2015). An Enhanced Model for Network Flow Based Botnet Detection. In Proc. 38th Australasian Computer Science Conference (ACSC 2015) Sydney, Australia. CRPIT, 159. Parry, D. Eds., ACS. 101-110
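The abstract relies on IPFIX (RFC 7011) templates to describe which flow attributes an exporter sends, so that a vendor-neutral collector can decode the records. As an added example that is not code from the paper, the following Python encodes such a template as an IPFIX Template Set with a matching Data Set and decodes it on the collector side; the field selection and the sample flow are assumptions, since the abstract does not list the paper's template attributes.

```python
import ipaddress
import struct
from itertools import accumulate

# IANA IPFIX information elements (RFC 7011 registry) as (element ID, length): sourceIPv4Address,
# destinationIPv4Address, sourceTransportPort, destinationTransportPort, protocolIdentifier,
# packetDeltaCount, octetDeltaCount, flowStartMilliseconds, flowEndMilliseconds (assumed field set).
FLOW_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 8), (1, 8), (152, 8), (153, 8)]
TEMPLATE_ID = 256  # data-set template IDs start at 256; Set ID 2 is the Template Set

def encode_template_set(template_id, fields):
    # Template record: template ID, field count, then (IE ID, length) pairs with enterprise bit clear
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", ie, ln) for ie, ln in fields)
    return struct.pack("!HH", 2, 4 + len(body)) + body
def encode_data_set(template_id, fields, records):
    # Data Set: Set ID equals the template ID; values packed big-endian in template field order
    body = b"".join(v.to_bytes(ln, "big") for rec in records for (_, ln), v in zip(fields, rec))
    return struct.pack("!HH", template_id, 4 + len(body)) + body
def encode_message(sets, export_time, sequence, domain_id):
    # Message header: version 10, total length, export time, sequence number, observation domain ID
    payload = b"".join(sets)
    return struct.pack("!HHIII", 10, 16 + len(payload), export_time, sequence, domain_id) + payload
def decode_message(data):
    # Collector side: learn templates from Set ID 2, then decode data sets that name a known template
    version, length = struct.unpack("!HH", data[:4])
    if version != 10 or length != len(data): raise ValueError("not a well-formed IPFIX message")
    templates, flows, off = {}, [], 16
    while off < length:
        set_id, set_len = struct.unpack("!HH", data[off:off + 4])
        p, end = off + 4, off + set_len
        if set_id == 2:
            while end - p >= 8:  # a template header plus at least one field specifier
                tid, n = struct.unpack("!HH", data[p:p + 4])
                templates[tid] = [struct.unpack("!HH", data[p + 4 + 4 * i:p + 8 + 4 * i]) for i in range(n)]
                p += 4 + 4 * n
        elif set_id in templates:
            fields = templates[set_id]
            offs = [0] + list(accumulate(ln for _, ln in fields))  # byte offset of each field
            while end - p >= offs[-1]:  # stop when only trailing padding remains
                flows.append({ie: int.from_bytes(data[p + o:p + o + ln], "big") for (ie, ln), o in zip(fields, offs)})
                p += offs[-1]
        off = end  # sets with unknown IDs are skipped, as a collector must
    return flows
def sample_roundtrip():
    # Constructed flow record: TCP 192.0.2.10:51000 -> 198.51.100.7:80, 12 packets, 3400 bytes
    rec = [int(ipaddress.IPv4Address("192.0.2.10")), int(ipaddress.IPv4Address("198.51.100.7")),
           51000, 80, 6, 12, 3400, 1420000000000, 1420000005000]
    sets = [encode_template_set(TEMPLATE_ID, FLOW_FIELDS), encode_data_set(TEMPLATE_ID, FLOW_FIELDS, [rec])]
    return decode_message(encode_message(sets, 1420000005, 1, 42))
```

Because the collector only decodes data sets whose template it has already seen, an exporter that changes its attribute set merely sends a new template record, which is what makes the approach vendor neutral.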