8 Rule-Based Approach for Botnet Behavior Analysis

Supriya Raheja1*, Geetika Munjal1, Jyoti Jangra2 and Rakesh Garg1

1Department of Computer Science & Engineering, Amity University, Noida, India

2IBM India Pvt. Ltd, Gurugram, India

Abstract

Botnets pose a serious threat and cause huge losses to organizations. The presence of botnet traffic in any network is a matter of serious concern. Botnets are used for many kinds of malicious activity, such as distributed denial of service (DDoS) attacks, mass spam, phishing attacks, click fraud, stealing users’ confidential information such as passwords, and other types of cyber-crime. Detecting botnets in their early phases is crucial for minimizing the damage. With this aim, the proposed approach uses network forensic analysis and flow exporter tools, namely Wireshark, NetworkMiner and CapLoader, to analyze traffic and extract important features. The botnet traffic flows are analyzed based on the feature set extracted by these tools, and the impact of each extracted feature is studied with respect to botnet malicious activities. A botnet detection model is generated using a decision tree. The performance of three algorithms, namely Decision Tree, Naïve Bayes and ZeroR, is compared. It has been observed that the decision tree works better with selected features.

Keywords: Bots, botnet behavior, traffic flow exporter tools, malware, machine learning, cross validation, botnet traffic flow

8.1 Introduction

Today’s internet world is rapidly growing ...
