TY - GEN
T1 - The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster
AU - Wang, Chun Yu
AU - Yap, Jia Hong
AU - Chen, Kuan Chung
AU - Chang, Jyh Biau
AU - Shieh, Ce Kuen
N1 - Funding Information:
The authors are grateful to the Ministry of Science and Technology, Taiwan for the financial support (this research was funded by contract MOST-103-2221-E-006-144-MY3), to the National Center for High-Performance Computing, Taiwan for providing the NetFlow logs, and to VirusTotal for contributing the malicious IP checking.
Publisher Copyright:
© Springer Nature Singapore Pte Ltd. 2019.
PY - 2019
Y1 - 2019
N2 - In recent years, many studies on peer-to-peer (P2P) botnet detection have shown excellent detection precision on synthetic logs collected from a testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2nd to April 15th, 2017, collected in NetFlow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes, namely single-day, three-day, and weekly observation periods, are applied to the same traffic logs to reveal the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision increases by 10%, from 84% to 94%, on the combined traffic logs of the two campuses.
AB - In recent years, many studies on peer-to-peer (P2P) botnet detection have shown excellent detection precision on synthetic logs collected from a testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2nd to April 15th, 2017, collected in NetFlow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes, namely single-day, three-day, and weekly observation periods, are applied to the same traffic logs to reveal the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision increases by 10%, from 84% to 94%, on the combined traffic logs of the two campuses.
UR - http://www.scopus.com/inward/record.url?scp=85069669964&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85069669964&partnerID=8YFLogxK
U2 - 10.1007/978-981-13-9190-3_8
DO - 10.1007/978-981-13-9190-3_8
M3 - Conference contribution
AN - SCOPUS:85069669964
SN - 9789811391897
T3 - Communications in Computer and Information Science
SP - 82
EP - 92
BT - New Trends in Computer Technologies and Applications - 23rd International Computer Symposium, ICS 2018, Revised Selected Papers
A2 - Chang, Chuan-Yu
A2 - Lin, Chien-Chou
A2 - Lin, Horng-Horng
PB - Springer Verlag
T2 - 23rd International Computer Symposium, ICS 2018
Y2 - 20 December 2018 through 22 December 2018
ER -