Abstract
The aim of this paper is to present the concept of a botnet detection method based on network flow clustering. There are many botnet implementations and many methods for detecting them. Usually those methods are effective only for specific groups of botnets, for example those using the IRC, HTML or P2P protocol for internal communication. The method presented below, called BotTROP, is a concept for detecting different kinds of botnets based on their synchronous activity.
© 2017 Springer International Publishing AG
Cite this paper
Ostap, H., Antkiewicz, R. (2017). A Concept of Clustering-Based Method for Botnet Detection. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds) Computer Network Security. MMM-ACNS 2017. Lecture Notes in Computer Science(), vol 10446. Springer, Cham. https://doi.org/10.1007/978-3-319-65127-9_18
DOI: https://doi.org/10.1007/978-3-319-65127-9_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65126-2
Online ISBN: 978-3-319-65127-9