The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster

• Published in: New Trends in Computer Technologies and Applications Vol. 1013; pp. 82 - 92
• Main Authors: Wang, Chun-Yu, Yap, Jia-Hong, Chen, Kuan-Chung, Chang, Jyh-Biau, Shieh, Ce-Kuen
• Format: Book Chapter
• Language: English
• Published: Singapore Springer Singapore Pte. Limited 2019; Springer Singapore
• Series: Communications in Computer and Information Science
• Subjects: BotCluster; NetFlow; Network security; P2P botnet detection
• ISBN: 9789811391897; 9811391890
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-981-13-9190-3_8

In recent years, many studies on peer-to-peer (P2P) botnet detection have exhibited the excellent detection precision on synthetic logs collected from the testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic from April 2nd to April 15th, 2017, collected as Netflow format, with three time-scopes for detecting P2P botnet activities in two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). Three time-scopes including single-day, three-day, and weekly observation period applied to the same traffic logs for revealing the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, the precision can increase 10% from 84% to 94% on the combined traffic logs of two campuses.