Method for Effective Measurement, Labeling, and Classification of Botnet C2s for Predicting Attacks

Published

Author(s)

Mitsuhiro Hatada, Matthew A. Scholl

Abstract

In the IoT era, botnet threats are rising, which has prompted many studies on botnet detection. This study aims to detect the early signs of botnet attacks such as massive spam emails and Distributed Denial-of-Service attacks. To that end, this study develops a practical framework for measurement, labeling, and classification of botnet Command and Control (C2) for predicting attacks. The focus is on C2 traffic and measurement of the comprehensive metrics studied in previous works. The data is labeled based on the result of the correlation analysis between C2 metrics and spam volume. Then, a special type of recurrent neural network, i.e., Long Short-Term Memory, is applied to detect an increase in spam by a botnet. The framework managed to detect it with an accuracy of 0.981.
Conference Dates
February 23-26, 2020
Conference Location
San Diego, CA
Conference Title
27th Annual Network and Distributed System Security Symposium (NDSS)

Keywords

botnet threats, Internet of Things, Command and Control (C2), attacks

Citation

Hatada, M. and Scholl, M. (2020), Method for Effective Measurement, Labeling, and Classification of Botnet C2s for Predicting Attacks, 27th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929437 (Accessed June 14, 2021)
Created February 23, 2020, Updated May 13, 2020