DOI: 10.1145/2522548.2523133
Research article

Feature selection for detection of peer-to-peer botnet traffic

Published: 22 August 2013

ABSTRACT

The use of anomaly-based classification of intrusions has increased significantly in Intrusion Detection Systems. A large number of training samples and a good feature set are the two primary requirements for building effective classification models with machine learning algorithms. Since the amount of data available for malicious traffic is often small compared to the available traces of benign traffic, extracting 'good' features that enable detection of malicious traffic is a challenging area of work.

This research work presents preliminary results comparing the performance of three feature selection algorithms (correlation-based feature selection, consistency-based subset evaluation and principal component analysis) on three machine learning techniques (decision trees, the naïve Bayes classifier and the Bayesian network classifier). These algorithms are evaluated for the detection of peer-to-peer (P2P) botnet traffic.
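As an added illustration of one of the three selectors named above, the following is correlation-based feature selection (Hall's merit score with a greedy forward search) run over constructed per-flow features; this is example code written for this page, not the paper's own code or dataset, and the feature names and values are assumptions.

```python
"""Correlation-based Feature Selection (CFS, Hall 1999) with greedy forward
search. Example code written for this page, not the paper's own; the flow
features and sample values below are constructed."""
import math

def pearson(x, y):
    """Pearson correlation; 0.0 when either column is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def cfs_merit(columns, labels, subset):
    """Hall's merit: k*r_cf / sqrt(k + k(k-1)*r_ff), where r_cf is the mean
    |feature-class| correlation and r_ff the mean |feature-feature| one."""
    k = len(subset)
    if k == 0:
        return 0.0
    r_cf = sum(abs(pearson(columns[f], labels)) for f in subset) / k
    pairs = [(a, b) for i, a in enumerate(subset) for b in subset[i + 1:]]
    r_ff = (sum(abs(pearson(columns[a], columns[b])) for a, b in pairs) / len(pairs)
            if pairs else 0.0)
    return k * r_cf / math.sqrt(k + k * (k - 1) * r_ff)

def cfs_forward_select(columns, labels):
    """Greedy forward search: add the feature that raises merit most; stop
    when no candidate improves it. Returns (selected_features, merit)."""
    selected, best, remaining = [], 0.0, list(columns)
    while remaining:
        merit, f = max((cfs_merit(columns, labels, selected + [f]), f) for f in remaining)
        if merit <= best:  # redundant features (high r_ff) cannot raise merit
            break
        selected.append(f); remaining.remove(f); best = merit
    return selected, best

# Constructed per-flow feature columns (not the paper's data): the first four
# rows are benign flows, the last four are flows from a P2P bot (label 1).
FLOW_FEATURES = {
    "avg_pkt_size":    [900, 1200, 400, 1400, 120, 160, 100, 140],
    "flow_duration_s": [120, 45, 300, 12, 3, 2, 30, 1.5],
    "pkts_per_flow":   [300, 150, 800, 60, 8, 6, 40, 5],
    "distinct_peers":  [2, 1, 3, 2, 50, 60, 45, 65],
}
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]

if __name__ == "__main__":
    subset, merit = cfs_forward_select(FLOW_FEATURES, LABELS)
    print("selected:", subset, "merit: %.3f" % merit)
```

On this constructed sample the peer-count feature is chosen first because it has the highest class correlation; a duplicated feature adds nothing because its feature-feature correlation of 1 cancels its class correlation in the merit denominator.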


Published in

Compute '13: Proceedings of the 6th ACM India Computing Convention
August 2013
196 pages
ISBN: 9781450325455
DOI: 10.1145/2522548

Copyright © 2013 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Compute '13 paper acceptance rate: 24 of 96 submissions (25%). Overall acceptance rate: 114 of 622 submissions (18%).
