A Closer Look at the HTTP and P2P Based Botnets from a Detector's Perspective

  title={A Closer Look at the HTTP and P2P Based Botnets from a Detector's Perspective},
  author={Fariba Haddadi and Ayse Nur Zincir-Heywood},
Botnets are one of the main aggressive threats against cybersecurity. To evade the detection systems, recent botnets use the most common communication protocols on the Internet to hide themselves in the legitimate users traffic. From this perspective, most recent botnets are HTTP based and/or Peer-to-Peer (P2P) systems. In this work, we investigate whether such structural differences have any impact on the performance of the botnet detection systems. To this end, we studied the differences of… 

Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform?

Results indicate that a machine learning–based system with minimum a priori information not only achieves a very high performance but also generalizes much better than the other systems evaluated on a wide range of botnet structures.

Data analytics on network traffic flows for botnet behaviour detection

The results show that SOMs possess high potential as a data analytics tool on unknown traffic, and can identify the botnet and normal flows with high confidence approximately 99% of the time on the data sets employed in this work.

Internet Traffic Profiling

This chapter takes you on a journey on Internet traffic, from understanding its profile to generating packets or flows, in diverse environments, by looking at recent advances in traffic identification and classification and then discussing techniques and tools to effectively profile network traffic in a scalable fashion.

Benchmarking evolutionary computation approaches to insider threat detection

Experiments conducted on a publicly available corporate data set show the capability of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.


The author states that the author intended for the book to be read as a monograph rather than a collection of chapters, but that the use of the word “ chapters” ended up being more useful than the actual book.

Performance Evaluation for Network Services, Systems and Protocols

  • S. Fernandes
  • Computer Science
    Springer International Publishing
  • 2017



On the Effectiveness of Different Botnet Detection Approaches

This work investigates four different botnet detection approaches based on the technique used and type of data employed, two of them are public rule based systems (BotHunter and Snort) and the other two are data mining based techniques with different feature extraction methods (packet payload based and traffic flow based).

Detecting stealthy P2P botnets using statistical traffic fingerprints

This paper proposes a novel botnet detection system that is able to identify stealthy P2P botnets, even when malicious activities may not be observable, and can achieve high detection accuracy with a low false positive rate.

Botnet detection based on traffic behavior analysis and flow intervals

Advanced Methods for Botnet Intrusion Detection Systems

This chapter will cover a concise survey of botnet detection systems as well as provide a novel mobile-agent based method that has been adapted from mobile- agent based intrusion detection systems, for handling botnets.

Benchmarking the Effect of Flow Exporters and Protocol Filters on Botnet Traffic Classification

A study on the effect of (if any) the feature sets of network traffic flow exporters on the performance of botnet traffic classification indicates that the use of a flow exporter and a protocol filter indeed has an effect on theperformance of botnets.

On botnet behaviour analysis using GP and C4.5

This work employs machine learning algorithms (genetic programming and decision trees) to detect distinct behaviours in various botnets, finding that botnets mimic legitimate HTTP traffic while actually serving botnet purposes.

Automatically Generating Models for Botnet Detection

This work presents a system that aims to detect bots, independent of any prior information about the command and control channels or propagation vectors, and without requiring multiple infections for correlation.

A Survey of Botnet and Botnet Detection

A survey of botnet and botnet detection techniques is presented, which clarifies botnet phenomenon and discusses botnets detection techniques, and summarizes bot network detection techniques in each class and provides a brief comparison.

Towards effective feature selection in machine learning-based botnet detection approaches

This paper revisits flow-based features employed in the existing botnet detection studies and evaluates their relative effectiveness, and creates a dataset containing a diverse set of botnet traces and background traffic.

Botnet Detection System Analysis on the Effect of Botnet Evolution and Feature Representation

This work gathered seven Zeus botnet data sets over a period of four years and analyzed three different data representation techniques to explore two questions: (i) How can the representation of non-numeric features effect the detection system's performance? and (ii) How long can a machine learning based detection system can perform effectively.