Exploring a Service-Based Normal Behaviour Profiling System for Botnet Detection

Date
2017-05
Language
English
Found At
IEEE
Abstract

Effective detection of botnet traffic becomes difficult as attackers use encrypted payloads and dynamically changing port numbers (protocols) to bypass signature-based detection and deep packet inspection. In this paper, we build a normal-profiling-based botnet detection system that applies three unsupervised learning algorithms (self-organizing map, local outlier factor, and k-NN outlier factor) to service-based, flow-based data. Evaluations on publicly available botnet data sets show that the proposed system could reach up to a 91% detection rate with a false alarm rate of 5%.

Cite As
Chen, W., Luo, X., & Zincir-Heywood, A. N. (2017). Exploring a service-based normal behaviour profiling system for botnet detection. In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp. 947–952). https://doi.org/10.23919/INM.2017.7987417
Journal
2017 IFIP/IEEE Symposium on Integrated Network and Service Management
Type
Conference proceedings
Version
Author's manuscript