The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster

Chun Yu Wang; Jia Hong Yap; Kuan Chung Chen; Jyh Biau Chang; Ce Kuen Shieh

doi:10.1007/978-981-13-9190-3_8

The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster

Chun Yu Wang, Jia Hong Yap, Kuan Chung Chen, Jyh Biau Chang, Ce Kuen Shieh

Institute of Computer and Communication Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In recent years, many studies on peer-to-peer (P2P) botnet detection have exhibited the excellent detection precision on synthetic logs collected from the testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2^nd to April 15^th, 2017, collected as Netflow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes including single-day, three-day, and weekly observation period applied to the same traffic logs for revealing the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision can increase 10% from 84% to 94% on the combined traffic logs of two campuses.

Original language	English
Title of host publication	New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers
Editors	Chuan-Yu Chang, Chien-Chou Lin, Horng-Horng Lin
Publisher	Springer Verlag
Pages	82-92
Number of pages	11
ISBN (Print)	9789811391897
DOIs	https://doi.org/10.1007/978-981-13-9190-3_8
Publication status	Published - 2019
Event	23rd International Computer Symposium, ICS 2018 - Yunlin, Taiwan Duration: 2018 Dec 20 → 2018 Dec 22

Publication series

Name	Communications in Computer and Information Science
Volume	1013
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	23rd International Computer Symposium, ICS 2018
Country/Territory	Taiwan
City	Yunlin
Period	18-12-20 → 18-12-22

All Science Journal Classification (ASJC) codes

Computer Science(all)
Mathematics(all)

Access to Document

10.1007/978-981-13-9190-3_8

Cite this

Wang, C. Y., Yap, J. H., Chen, K. C., Chang, J. B., & Shieh, C. K. (2019). The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster. In C-Y. Chang, C-C. Lin, & H-H. Lin (Eds.), New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers (pp. 82-92). (Communications in Computer and Information Science; Vol. 1013). Springer Verlag. https://doi.org/10.1007/978-981-13-9190-3_8

Wang, Chun Yu ; Yap, Jia Hong ; Chen, Kuan Chung et al. / The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster. New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers. editor / Chuan-Yu Chang ; Chien-Chou Lin ; Horng-Horng Lin. Springer Verlag, 2019. pp. 82-92 (Communications in Computer and Information Science).

@inproceedings{79c627ed73d241ff90f9bc6b13aee595,

title = "The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster",

abstract = "In recent years, many studies on peer-to-peer (P2P) botnet detection have exhibited the excellent detection precision on synthetic logs collected from the testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2nd to April 15th, 2017, collected as Netflow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes including single-day, three-day, and weekly observation period applied to the same traffic logs for revealing the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision can increase 10% from 84% to 94% on the combined traffic logs of two campuses.",

author = "Wang, {Chun Yu} and Yap, {Jia Hong} and Chen, {Kuan Chung} and Chang, {Jyh Biau} and Shieh, {Ce Kuen}",

note = "Funding Information: The authors are grateful to the Ministry of Science and Technology, Taiwan for the financial support (This research funded by contract MOST-103-2221-E-006-144-MY3), National Center for High-Performance Computing, Taiwan for providing NetFlow log and VirusTotal for contributing the malicious IP checking. Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2019.; 23rd International Computer Symposium, ICS 2018 ; Conference date: 20-12-2018 Through 22-12-2018",

year = "2019",

doi = "10.1007/978-981-13-9190-3_8",

language = "English",

isbn = "9789811391897",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "82--92",

editor = "Chuan-Yu Chang and Chien-Chou Lin and Horng-Horng Lin",

booktitle = "New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers",

address = "Germany",

}

Wang, CY, Yap, JH, Chen, KC, Chang, JB & Shieh, CK 2019, The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster. in C-Y Chang, C-C Lin & H-H Lin (eds), New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers. Communications in Computer and Information Science, vol. 1013, Springer Verlag, pp. 82-92, 23rd International Computer Symposium, ICS 2018, Yunlin, Taiwan, 18-12-20. https://doi.org/10.1007/978-981-13-9190-3_8

The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster. / Wang, Chun Yu; Yap, Jia Hong; Chen, Kuan Chung et al.
New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers. ed. / Chuan-Yu Chang; Chien-Chou Lin; Horng-Horng Lin. Springer Verlag, 2019. p. 82-92 (Communications in Computer and Information Science; Vol. 1013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster

AU - Wang, Chun Yu

AU - Yap, Jia Hong

AU - Chen, Kuan Chung

AU - Chang, Jyh Biau

AU - Shieh, Ce Kuen

N1 - Funding Information: The authors are grateful to the Ministry of Science and Technology, Taiwan for the financial support (This research funded by contract MOST-103-2221-E-006-144-MY3), National Center for High-Performance Computing, Taiwan for providing NetFlow log and VirusTotal for contributing the malicious IP checking. Publisher Copyright: © Springer Nature Singapore Pte Ltd. 2019.

PY - 2019

Y1 - 2019

N2 - In recent years, many studies on peer-to-peer (P2P) botnet detection have exhibited the excellent detection precision on synthetic logs collected from the testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2nd to April 15th, 2017, collected as Netflow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes including single-day, three-day, and weekly observation period applied to the same traffic logs for revealing the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision can increase 10% from 84% to 94% on the combined traffic logs of two campuses.

AB - In recent years, many studies on peer-to-peer (P2P) botnet detection have exhibited the excellent detection precision on synthetic logs collected from the testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2nd to April 15th, 2017, collected as Netflow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes including single-day, three-day, and weekly observation period applied to the same traffic logs for revealing the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision can increase 10% from 84% to 94% on the combined traffic logs of two campuses.

UR - http://www.scopus.com/inward/record.url?scp=85069669964&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85069669964&partnerID=8YFLogxK

U2 - 10.1007/978-981-13-9190-3_8

DO - 10.1007/978-981-13-9190-3_8

M3 - Conference contribution

AN - SCOPUS:85069669964

SN - 9789811391897

T3 - Communications in Computer and Information Science

SP - 82

EP - 92

BT - New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers

A2 - Chang, Chuan-Yu

A2 - Lin, Chien-Chou

A2 - Lin, Horng-Horng

PB - Springer Verlag

T2 - 23rd International Computer Symposium, ICS 2018

Y2 - 20 December 2018 through 22 December 2018

ER -

Wang CY, Yap JH, Chen KC, Chang JB, Shieh CK. The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster. In Chang C-Y, Lin C-C, Lin H-H, editors, New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers. Springer Verlag. 2019. p. 82-92. (Communications in Computer and Information Science). doi: 10.1007/978-981-13-9190-3_8

The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this