Botnet Detection with Flow Behavior Analysis Approach

Article Type:
Research/Original Article (holds an accredited ranking)
Abstract:
A "botnet" is a network of infected computers connected to the Internet that is under the management of a command and control server and is used for denial of service attacks, for sending spam, and for other malicious operations. The size of a botnet depends on the complexity and number of computers employed. Users usually do not know that their systems are remotely controlled and abused. Botnets are attractive to cyber criminals because they can be reset for various offenses, moved to new hosting services, or reprogrammed in response to new developments in security. Despite the specific characteristics of each botnet, bots in a botnet exhibit homogeneous behaviors, and this can be the starting point for identifying a botnet within a network. The discoverable behavior of bots in a botnet can be used to produce features and attributes. By analyzing these features, we can classify traffic into malicious and non-malicious traffic. This approach uses network flow analysis and machine learning methods to detect peer-to-peer botnets. Furthermore, this approach is flow-based: it analyzes features extracted from flows based on the behavior of well-known botnets such as Weasel, and determines whether new traffic is an attack or not.
Language:
Persian
Published:
Journal of Electronic and Cyber Defense, Volume:5 Issue: 4, 2018
Pages:
1 to 15
https://magiran.com/p1783869