{"title":"Detecting IRC-based Botnets by Network Traffic Analysis Through Machine Learning","authors":"Xue Jun Li, M. Ma, Yi Lin Yen","doi":"10.1109/ITNAC46935.2019.9077964","DOIUrl":null,"url":null,"abstract":"Cybersecurity becomes increasingly important as information and communications technology (ICT) is adopted throughout the world. Cyber attacks can happen both externally and internally. With majority of cyber attacks being executed by insiders, it is important to detect insider attacks and even prevent them. This paper studies how to apply machine learning in analyzing network traffic to detect insider attacks, particularly in the area of botnet detection. Different from existing work considered two types of Hyper Text Transfer Protocol (HTTP)-based botnets, we consider two types of popular Internet Relay Chat (IRC)-based botnets. With selected flow characteristics, experimental results show that the proposed detection model can achieve a true positive rate of over 96%, with a false positive rate of less than 5%.","PeriodicalId":407514,"journal":{"name":"2019 29th International Telecommunication Networks and Applications Conference (ITNAC)","volume":"464 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 29th International Telecommunication Networks and Applications Conference (ITNAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITNAC46935.2019.9077964","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
Cybersecurity is becoming increasingly important as information and communications technology (ICT) is adopted throughout the world. Cyber attacks can happen both externally and internally. With the majority of cyber attacks being executed by insiders, it is important to detect insider attacks and even prevent them. This paper studies how to apply machine learning in analyzing network traffic to detect insider attacks, particularly in the area of botnet detection. Unlike existing work, which considered two types of Hypertext Transfer Protocol (HTTP)-based botnets, we consider two types of popular Internet Relay Chat (IRC)-based botnets. With selected flow characteristics, experimental results show that the proposed detection model can achieve a true positive rate of over 96%, with a false positive rate of less than 5%.