Summary: | Master's thesis === National Chiao Tung University === Institute of Network Engineering === 105 === Botnets remain a network threat. To respond before a botnet launches an attack, researchers want to detect it while it is still idle, so detecting botnet command-and-control (C&C) traffic plays a central role in botnet detection. Detection systems built on machine-learning techniques have achieved good results and can distinguish C&C traffic from normal traffic. However, the features used in previous work share a weakness: they are not robust. An attacker who wants to evade such a system can inject noise into the flows (randomly perturbing payload sizes, inter-arrival times, and similar statistics) so that the classifier no longer works properly.
To address this problem, we propose a new feature, the forward-backward string, derived from the direction of each packet in a flow. Like the traditional features, it can be computed from packet header fields alone. With this feature the classifier obtains additional information about the flow, which not only improves the accuracy of the detection system but also improves its robustness against noise-injected C&C traffic.
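The abstract does not spell out how the forward-backward string is encoded or how it feeds a classifier, so the following is an added illustration rather than the thesis's own code. It assumes one letter per packet in timestamp order ('F' for client-to-server, 'B' for server-to-client), turns the string into n-gram counts, and simulates an evader who pads payloads and delays packets to show that the size and timing features change while the direction string does not. The flow is constructed, not captured traffic.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str   # source IP
    dst: str   # destination IP
    size: int  # payload length in bytes
    ts: float  # capture timestamp in seconds


# Constructed sample flow (not captured traffic): a beacon-style exchange
# between a hypothetical bot at 10.0.0.5 and a C&C server at 203.0.113.9.
SAMPLE_FLOW = [
    Packet("10.0.0.5", "203.0.113.9", 48, 0.00),    # check-in
    Packet("203.0.113.9", "10.0.0.5", 120, 0.05),   # command
    Packet("10.0.0.5", "203.0.113.9", 32, 0.06),    # ack
    Packet("10.0.0.5", "203.0.113.9", 200, 1.00),   # result upload
    Packet("203.0.113.9", "10.0.0.5", 64, 1.04),    # ack
    Packet("203.0.113.9", "10.0.0.5", 512, 1.05),   # next task
]


def forward_backward_string(packets, client):
    """Assumed encoding: one letter per packet in timestamp order, 'F' for
    client->server and 'B' for server->client. Only header fields (addresses
    and ordering) are consulted; payload bytes are never read."""
    ordered = sorted(packets, key=lambda p: p.ts)
    return "".join("F" if p.src == client else "B" for p in ordered)


def direction_ngrams(fb_string, n=2):
    """Turn the string into classifier-ready counts of length-n substrings."""
    return dict(Counter(fb_string[i:i + n] for i in range(len(fb_string) - n + 1)))


def payload_size_stats(packets):
    """A traditional feature: (min, max, mean) payload size of the flow."""
    sizes = [p.size for p in packets]
    return min(sizes), max(sizes), sum(sizes) / len(sizes)


def inter_arrival_times(packets):
    """Another traditional feature: gaps between consecutive packets."""
    ts = sorted(p.ts for p in packets)
    return [round(b - a, 6) for a, b in zip(ts, ts[1:])]


def inject_noise(packets, seed=7, pad_max=64, jitter_max=0.5):
    """Simulated evader: pad every payload and delay every packet. Delays
    accumulate, so the request/response order (and hence the direction
    string) is unchanged, as it would be for a bot that only throttles and
    pads its own traffic."""
    rng = random.Random(seed)
    noisy, delay = [], 0.0
    for p in sorted(packets, key=lambda p: p.ts):
        delay += rng.uniform(0.01, jitter_max)
        noisy.append(Packet(p.src, p.dst, p.size + rng.randint(1, pad_max), p.ts + delay))
    return noisy


if __name__ == "__main__":
    client = "10.0.0.5"
    noisy = inject_noise(SAMPLE_FLOW)
    print("clean :", forward_backward_string(SAMPLE_FLOW, client), payload_size_stats(SAMPLE_FLOW))
    print("noisy :", forward_backward_string(noisy, client), payload_size_stats(noisy))
    print("2-grams:", direction_ngrams(forward_backward_string(SAMPLE_FLOW, client)))
```

Run as a script it prints the same direction string for the clean and the noisy flow while the size statistics and inter-arrival gaps diverge, which is the robustness argument of the abstract in miniature. The n-gram counts are one plausible way to hand the string to a conventional classifier; the thesis may use a different vectorization.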
|