A Framework for P2P Botnet Detection Using SVM

Pijush Barthakur, M. Dahal, M. Ghose
DOI: 10.1109/CyberC.2012.40
Published in: 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, 2012-10-10
Citations: 34

Abstract

Botnets are the most serious network security threat confronting cyber security researchers around the globe. In this paper, we propose a proactive botnet detection framework that uses a Support Vector Machine (SVM) to identify P2P botnets from payload-independent statistical flow features. Our investigation is based on the assumption that there is a significant difference between the flow feature values of P2P botnet traffic and those of normal web traffic. However, we do not observe a significant difference between the flow feature values of normal web traffic and those of normal P2P traffic. Therefore, we combined normal web traffic and normal P2P traffic into a single class for the purpose of binary classification. Furthermore, we evaluated which SVM model provides the best classification of P2P botnet data. Our optimized method yields approximately 99.01% accuracy on unbiased training and testing samples, with a False Positive rate of 0.11 and 0.003 for bot and normal data flows respectively.
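The evaluation framework the abstract describes, as an added illustration that is not the paper's code or data: a linear SVM trained on payload-independent flow features (here an assumed trio of mean packet size, flow duration and packets per second), with bot flows as one class and web plus benign P2P flows merged into the other, scored by accuracy and by a per-class false positive rate. The flow records are constructed synthetic samples, the SVM is a Pegasos-style subgradient solver written in pure Python rather than the paper's (unspecified) implementation, and the definition of the per-class FP rate is an assumption since the abstract does not spell it out.

```python
"""Added example (not the paper's code): a linear SVM over payload-
independent flow features, evaluated with accuracy and per-class false
positive rates.  The flow records are constructed synthetic samples."""
import random
from statistics import mean, pstdev


def make_flows(n_per_class=200, seed=7):
    """Constructed flows: (mean_pkt_bytes, duration_s, pkts_per_s, label).
    label +1 = P2P bot flow, -1 = normal (web and benign P2P merged, as in
    the paper).  Both traffic profiles are hypothetical, chosen only so
    that the two classes are separable."""
    rng = random.Random(seed)
    flows = []
    for _ in range(n_per_class):
        flows.append((rng.gauss(120, 25), rng.gauss(30, 8), rng.gauss(0.8, 0.2), +1))
        flows.append((rng.gauss(1000, 150), rng.gauss(8, 3), rng.gauss(12, 4), -1))
    rng.shuffle(flows)
    return flows


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def zscore_params(X):
    """Per-feature mean and standard deviation, estimated on training data only
    so that test statistics never leak into the model."""
    cols = list(zip(*X))
    return [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]


def standardize(x, mu, sd):
    return [(xi - m) / s for xi, m, s in zip(x, mu, sd)]


def train_linear_svm(X, y, lam=0.01, epochs=50, seed=1):
    """Pegasos-style stochastic subgradient descent on the hinge loss with
    L2 regularisation; returns the weight vector w and bias b."""
    rng = random.Random(seed)
    w, b, t = [0.0] * len(X[0]), 0.0, 0
    order = list(range(len(X)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            if y[i] * (dot(w, X[i]) + b) < 1:      # inside the margin: hinge term active
                w = [(1 - eta * lam) * wj + eta * y[i] * xj for wj, xj in zip(w, X[i])]
                b += eta * y[i]
            else:                                   # outside the margin: shrink w only
                w = [(1 - eta * lam) * wj for wj in w]
    return w, b


def predict(w, b, x):
    return 1 if dot(w, x) + b >= 0 else -1


def metrics(pred, truth):
    """Accuracy plus per-class false positive rate.  Assumed definition:
    the FP rate for a class is the share of flows NOT in that class that
    the model nevertheless labelled as that class."""
    pairs = list(zip(pred, truth))
    n_bot = sum(t == 1 for _, t in pairs)
    n_normal = sum(t == -1 for _, t in pairs)
    return {
        "accuracy": sum(p == t for p, t in pairs) / len(pairs),
        "fpr_bot": sum(p == 1 and t == -1 for p, t in pairs) / n_normal,
        "fpr_normal": sum(p == -1 and t == 1 for p, t in pairs) / n_bot,
    }


def evaluate(seed=7):
    """Train on the first half of the shuffled flows, test on the held-out half."""
    flows = make_flows(seed=seed)
    X = [list(f[:3]) for f in flows]
    y = [f[3] for f in flows]
    half = len(X) // 2
    mu, sd = zscore_params(X[:half])
    Xs = [standardize(x, mu, sd) for x in X]
    w, b = train_linear_svm(Xs[:half], y[:half])
    pred = [predict(w, b, x) for x in Xs[half:]]
    return metrics(pred, y[half:])


if __name__ == "__main__":
    print(evaluate())
```

Two details matter when reproducing this kind of evaluation on real captures: standardization parameters come from the training split only, and the two FP rates are reported separately because a detector that flags benign P2P clients as bots (high `fpr_bot`) is operationally very different from one that lets bot flows through as normal (high `fpr_normal`), even when overall accuracy looks the same.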