{"title":"A Framework for P2P Botnet Detection Using SVM","authors":"Pijush Barthakur, M. Dahal, M. Ghose","doi":"10.1109/CyberC.2012.40","DOIUrl":null,"url":null,"abstract":"Botnets are the most serious network security threat bothering cyber security researchers around the globe. In this paper, we propose a proactive botnet detection framework using Support Vector Machine (SVM) to identify P2P botnets based on payload independent statistical features. Our investigation is based on the assumption that there exists significant difference between flow feature values of P2P botnet traffic and that of normal web traffic. However, we don't see a significant difference among flow feature values of normal web traffic and that of normal P2P traffic. Therefore, we combined normal web traffic and normal P2P traffic for the purpose of binary classification. Furthermore, we tried to evaluate the optimum SVM model that provides the best classification of P2P botnet data. Our optimized method yields approximately 99.01% accuracy for unbiased training and testing samples with a False Positive rate of 0.11 and 0.003 for bot and normal data flows respectively.","PeriodicalId":416468,"journal":{"name":"2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberC.2012.40","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 34
Abstract
Botnets are the most serious network security threat bothering cyber security researchers around the globe. In this paper, we propose a proactive botnet detection framework using Support Vector Machine (SVM) to identify P2P botnets based on payload independent statistical features. Our investigation is based on the assumption that there exists significant difference between flow feature values of P2P botnet traffic and that of normal web traffic. However, we don't see a significant difference among flow feature values of normal web traffic and that of normal P2P traffic. Therefore, we combined normal web traffic and normal P2P traffic for the purpose of binary classification. Furthermore, we tried to evaluate the optimum SVM model that provides the best classification of P2P botnet data. Our optimized method yields approximately 99.01% accuracy for unbiased training and testing samples with a False Positive rate of 0.11 and 0.003 for bot and normal data flows respectively.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
