Botnet detection using graph-based feature clustering

Journal of Big Data, 4:14

First Online: 12 May 2017. Received: 02 March 2017. Accepted: 25 April 2017. DOI: 10.1186/s40537-017-0074-7

Cite this article as: Chowdhury, S., Khanzadeh, M., Akula, R. et al. J Big Data 2017 4: 14. doi:10.1186/s40537-017-0074-7


Detecting botnets in a network is crucial because bots impact numerous areas such as cyber security, finance, health care, law enforcement, and more. Botnets are becoming more sophisticated and dangerous day by day, and most of the existing rule-based and flow-based detection methods may not be capable of detecting bot activities in an efficient and effective manner. Hence, designing a robust and fast botnet detection method is of high significance. In this study, we propose a novel botnet detection methodology based on topological features of nodes within a graph: in-degree, out-degree, in-degree weight, out-degree weight, clustering coefficient, node betweenness, and eigenvector centrality. A self-organizing map clustering method is applied to establish clusters of nodes in the network based on these features. Our method is capable of isolating bots in clusters of small sizes while containing the majority of normal nodes in the same big cluster. Thus, bots can be detected by searching a limited number of nodes. A filtering procedure is also developed to further enhance the algorithm efficiency by removing inactive nodes from consideration. The methodology is verified using the CTU-13 datasets, and benchmarked against a classification-based detection method. The results show that our proposed method can efficiently detect the bots despite their varying behaviors.

Keywords: Cyber security, Bot detection, Graph-based features, Clustering

Authors: Sudipta Chowdhury, Mojtaba Khanzadeh, Ravi Akula, Fangyan Zhang, Song Zhang, Hugh Medal, Mohammad Marufuzzaman
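
The front half of the pipeline described in the abstract, as an added illustration that is not the authors' code: it builds the flow graph, computes five of the seven listed features, filters inactive nodes, and scales the vectors that a self-organizing map would then cluster. Assumptions: edge weight is packet count, the clustering coefficient is taken on the undirected projection, the `min_packets` threshold and min-max scaling are illustrative choices, and the flow records are constructed.

```python
from collections import defaultdict

# Constructed flow records (src, dst, packets); not taken from CTU-13.
FLOWS = [
    ("10.0.0.5", "10.0.0.1", 40), ("10.0.0.6", "10.0.0.1", 35),
    ("10.0.0.1", "10.0.0.5", 60), ("10.0.0.5", "10.0.0.6", 12),
    ("10.0.0.9", "10.0.0.1", 3), ("10.0.0.9", "10.0.0.5", 3),
    ("10.0.0.9", "10.0.0.6", 3), ("10.0.0.9", "10.0.0.7", 3),
    ("10.0.0.9", "10.0.0.8", 3), ("10.0.0.8", "10.0.0.7", 1),
]
FEATURES = ("in_degree", "out_degree", "in_weight", "out_weight", "clustering")

def node_features(flows):
    """Per-node topological features of the directed, packet-weighted flow graph."""
    out_w = defaultdict(lambda: defaultdict(int))  # src -> dst -> packets
    in_w = defaultdict(lambda: defaultdict(int))   # dst -> src -> packets
    und = defaultdict(set)                         # undirected projection
    for src, dst, pkts in flows:
        out_w[src][dst] += pkts
        in_w[dst][src] += pkts
        if src != dst:                             # self-loops do not count as neighbours
            und[src].add(dst)
            und[dst].add(src)
    feats = {}
    for v in set(out_w) | set(in_w):
        nbrs, k = und[v], len(und[v])
        links = sum(1 for a in nbrs for b in nbrs if a < b and b in und[a])
        feats[v] = {
            "in_degree": len(in_w[v]), "out_degree": len(out_w[v]),
            "in_weight": sum(in_w[v].values()), "out_weight": sum(out_w[v].values()),
            "clustering": 2 * links / (k * (k - 1)) if k > 1 else 0.0,
        }
    return feats

def drop_inactive(feats, min_packets=5):
    """Filter step (assumed rule): discard nodes with total traffic below the threshold."""
    return {v: f for v, f in feats.items()
            if f["in_weight"] + f["out_weight"] >= min_packets}

def scaled_vectors(feats):
    """Min-max scale each feature to [0, 1]; these rows are the clustering input."""
    if not feats:
        return {}
    lo = {f: min(x[f] for x in feats.values()) for f in FEATURES}
    hi = {f: max(x[f] for x in feats.values()) for f in FEATURES}
    return {v: [(x[f] - lo[f]) / (hi[f] - lo[f]) if hi[f] > lo[f] else 0.0
                for f in FEATURES] for v, x in feats.items()}

if __name__ == "__main__":
    for host, vec in sorted(scaled_vectors(drop_inactive(node_features(FLOWS))).items()):
        print(host, [round(x, 2) for x in vec])
```

In the constructed data, host 10.0.0.9 fans out to every other node with small flows and receives nothing, so its scaled vector sits far from the hosts that exchange traffic with 10.0.0.1.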

