Abstract

Botnets are a dangerous threat to computer networks. A botnet consists of a bot-master and bot-clients that are connected and communicate through command and control (C&C) servers. When a bot attacks and infects a target computer, it performs several activities. Nevertheless, the models introduced so far may not detect the connection between one activity and the others as a whole botnet attack scenario. The connection between activities is required to obtain the attack steps carried out by each bot. This paper proposes a new approach that detects linkages between bot activities by analyzing network traffic flows and obtains a bot attack scenario. The analysis is carried out by finding the frequency of each activity that is sequentially connected. The results show that the proposed model successfully detects interrelated bot activity scenarios based on their patterns.

Author information

Corresponding author

Correspondence to Tohari Ahmad.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Hostiadi, D.P., Ahmad, T., Wibisono, W. (2021). A New Approach to Detecting Bot Attack Activity Scenario. In: Abraham, A., et al. Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020). SoCPaR 2020. Advances in Intelligent Systems and Computing, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-73689-7_78
