{"title":"Sliding Time Analysis in Traffic Segmentation for Botnet Activity Detection","authors":"Dandy Pramana Hostiadi, T. Ahmad","doi":"10.1109/icci54321.2022.9756077","DOIUrl":null,"url":null,"abstract":"Botnets are a threat in a dangerous cyber era. Botnets involve malicious software to attack the system based on instructions from the botmaster. Previous research had introduced a botnet activity detection model, such as using activity time analysis through a sliding time-based traffic segmentation process. However, the introduced model has not analyzed the ideal time in the sliding process in the segmentation process. The sliding process is needed to detect the botnet attack activity chain correctly. This paper analyzed the ideal time in the sliding process in traffic data segmentation to detect botnet activity and obtain information about botnet attacks. It aimed to get the optimal time in the sliding process and see its effect on detection accuracy. The test was carried out using a public dataset, namely the CTU-13 dataset, based on the two detection models in previous research. 
The result showed that the optimal time in the sliding process was 30 minutes in both detection models, with the best scenario detection results of 231 and the best detection accuracy of 97.93%.","PeriodicalId":122550,"journal":{"name":"2022 5th International Conference on Computing and Informatics (ICCI)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 5th International Conference on Computing and Informatics (ICCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/icci54321.2022.9756077","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
Botnets are a threat in a dangerous cyber era. Botnets involve malicious software to attack the system based on instructions from the botmaster. Previous research had introduced a botnet activity detection model, such as using activity time analysis through a sliding time-based traffic segmentation process. However, the introduced model has not analyzed the ideal time in the sliding process in the segmentation process. The sliding process is needed to detect the botnet attack activity chain correctly. This paper analyzed the ideal time in the sliding process in traffic data segmentation to detect botnet activity and obtain information about botnet attacks. It aimed to get the optimal time in the sliding process and see its effect on detection accuracy. The test was carried out using a public dataset, namely the CTU-13 dataset, based on the two detection models in previous research. The result showed that the optimal time in the sliding process was 30 minutes in both detection models, with the best scenario detection results of 231 and the best detection accuracy of 97.93%.