Ontology-based botnet topology discovery approach with ip flow data

Ci Bin Jiang, Jung Shian Li

Research output: Contribution to journalArticlepeer-review


Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance is quite devastating, such as credit card stealing or DDoS. So it is important to understand the botnet behavior, topology and structure. If botnet communication can be tracked, the C&C server can be identified and infection routes detected, allowing for takedown of botnets. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The validity of the proposed approach is demonstrated utilizing blacklisted IP flow data collected over three plus months. The inference time and system convergence performance obtained when using the proposed ontology and inference rules are systematically examined. Overall, the results presented in this paper indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and high degree of accuracy compared to previous research works, thereby enabling appropriate security measures to be put in place.

Original languageEnglish
Pages (from-to)308-325
Number of pages18
JournalInternational Journal of Innovative Computing, Information and Control
Issue number1
Publication statusPublished - 2015 Jan 1

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Information Systems
  • Computational Theory and Mathematics

Fingerprint Dive into the research topics of 'Ontology-based botnet topology discovery approach with ip flow data'. Together they form a unique fingerprint.

Cite this