Botnet detection using graph-based feature clustering


Journal of Big Data, 4:14

First Online: 12 May 2017 | Received: 02 March 2017 | Accepted: 25 April 2017 | DOI: 10.1186-s40537-017-0074-7

Cite this article as: Chowdhury, S., Khanzadeh, M., Akula, R. et al. J Big Data 2017 4: 14. doi:10.1186-s40537-017-0074-7


Detecting botnets in a network is crucial because bots impact numerous areas such as cyber security, finance, health care, law enforcement, and more. Botnets are becoming more sophisticated and dangerous day by day, and most existing rule-based and flow-based detection methods may not be capable of detecting bot activities efficiently and effectively. Hence, designing a robust and fast botnet detection method is of high significance. In this study, we propose a novel botnet detection methodology based on topological features of nodes within a graph: in-degree, out-degree, in-degree weight, out-degree weight, clustering coefficient, node betweenness, and eigenvector centrality. A self-organizing map clustering method is applied to establish clusters of nodes in the network based on these features. Our method is capable of isolating bots in small clusters while containing the majority of normal nodes in the same big cluster. Thus, bots can be detected by searching a limited number of nodes. A filtering procedure is also developed to further enhance the algorithm's efficiency by removing inactive nodes from consideration. The methodology is verified using the CTU-13 datasets and benchmarked against a classification-based detection method. The results show that our proposed method can efficiently detect the bots despite their varying behaviors.

Keywords: Cyber security; Bot detection; Graph-based features; Clustering
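The feature-extraction and filtering steps named in the abstract, as an added example that is not the authors' code. It covers five of the seven features (betweenness, eigenvector centrality and the self-organizing map step are left out); packet-count edge weights, the `min_weight` filter threshold, the function names and the sample flows are assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed flow records (src, dst, packets); documentation-range addresses,
# not taken from CTU-13. 192.0.2.66 fans out to many hosts with tiny flows.
S, A, B, C, D, E, X = ("192.0.2.%d" % i for i in (1, 10, 11, 12, 13, 14, 66))
FLOWS = [(A, S, 10), (B, S, 8), (C, S, 6), (S, A, 20), (S, B, 15), (A, B, 2),
         (X, A, 1), (X, B, 1), (X, C, 1), (X, D, 1), (X, S, 1), (E, S, 1)]

def build_graph(flows):
    """Aggregate flows into directed edges; weight = total packets (assumed)."""
    out_w, in_w = defaultdict(dict), defaultdict(dict)
    for src, dst, pkts in flows:
        out_w[src][dst] = out_w[src].get(dst, 0) + pkts
        in_w[dst][src] = in_w[dst].get(src, 0) + pkts
    return out_w, in_w

def clustering_coefficient(node, nbrs):
    """Share of a node's neighbour pairs that are linked (undirected view)."""
    mine = nbrs[node]
    if len(mine) < 2:
        return 0.0
    linked = sum(1 for a, b in combinations(mine, 2) if b in nbrs[a])
    return linked / (len(mine) * (len(mine) - 1) / 2)

def node_features(flows, min_weight=2):
    """Per-node feature vectors; near-silent nodes are filtered out first."""
    out_w, in_w = build_graph(flows)
    nodes = set(out_w) | set(in_w)
    nbrs = {n: (set(out_w.get(n, {})) | set(in_w.get(n, {}))) - {n} for n in nodes}
    feats = {}
    for n in sorted(nodes):
        iw, ow = sum(in_w.get(n, {}).values()), sum(out_w.get(n, {}).values())
        if iw + ow < min_weight:  # assumed definition of an "inactive" node
            continue
        feats[n] = {"in_degree": len(in_w.get(n, {})),
                    "out_degree": len(out_w.get(n, {})),
                    "in_weight": iw, "out_weight": ow,
                    "clustering": clustering_coefficient(n, nbrs)}
    return feats

if __name__ == "__main__":
    for host, f in node_features(FLOWS).items():
        print(host, f)
```

In the constructed data the fan-out host ends up with a feature vector unlike any client's (out-degree 5, in-degree 0, out-weight 5), which is the kind of separation a clustering step would then act on.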

Authors: Sudipta Chowdhury, Mojtaba Khanzadeh, Ravi Akula, Fangyan Zhang, Song Zhang, Hugh Medal, Mohammad Marufuzzaman


