
Botnet Detection by Network Behavior Analysis

Journal: GRD Journal for Engineering (Vol.2, No. 11)

Publication Date:

Authors : ; ;

Page : 34-40

Keywords : Bot; Bot-master; Botnet; P2P; Flows; Feature Vector;


Abstract

One of the most likely threats to data available over a network is a botnet attack, which can cause a significant amount of data loss. A botnet attack is a type of malicious attack that uses a series of connected computers to attack or take down a network, network device, website or IT environment. The attack can slow down the network or server, keeping it busy enough that legitimate users are unable to access it, or temporarily freeze the server. Distributed denial of service (DDoS) is a common example of a botnet attack, in which a number of botnet devices send a large number of simultaneous requests/packets to the targeted system. In this paper we collected data sets (i.e. packets travelling in a network) from various sources and merged them to obtain a larger set comprising benign and malicious traffic. The packets are then analysed to obtain TCP/UDP-based flows. Features are then computed for all the identified flows and listed in a feature vector table. We further tried to parallelize the feature computation using the Hadoop MapReduce framework. The feature vector table can then be used to train a classifier for segregating malicious traffic from benign traffic.

Citation: Mr. Yogesh Sharma, Maharaja Agrasen Institute of Technology; Nipun Agrawal, Maharaja Agrasen Institute of Technology. "Botnet Detection by Network Behavior Analysis." Global Research and Development Journal For Engineering 2.11 (2017): 34-40.

Last modified: 2017-12-12 02:29:07