Chapter 9: Emerging Technologies in Creative Applications

Title: Investigation of peer-to-peer botnet using TCP control packets and data mining techniques

Author(s): Mohammad Aluthaman, Nauman Aslam, M.A. Hossain, Rafe Alasem

Address: Department of Computer Science and Digital Technologies, Faculty of Engineering and Environment, Northumbria University, Newcastle upon Tyne, NE1-8ST, UK (Aluthaman, Aslam, Hossain) | Department of Electrical Engineering, Faculty of Engineering, Imam Mohammad Ibn Saud Islamic University, Riyadh, Saudi Arabia (Alasem)

Reference: Software, Knowledge, Information Management and Applications (SKIMA 2013), pp. 418-426

Abstract/Summary: Nowadays botnets are commonly used in cyber-attacks and malicious activities. A botnet is the main vehicle for carrying and spreading much of the malicious code on the internet, and botnets are responsible for many malicious activities including spam mail, distributed denial of service attacks and click fraud. In this paper, we propose an approach to detect a botnet's malicious behavior by using data mining classification techniques based on the features of TCP control packets. We study the performance and accuracy of popular classification techniques on existing datasets. Experiments show that the proposed approach is able to identify botnets with a high accuracy rate and high performance in a short time. The evaluation results show that the proposed solution can detect bot hosts with more than 99% accuracy, whereas the average false positive rate is lower than 2%.