C&C session detection using random forest

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

DDoS (Distributed Denial of Service) attack is one of the most used DoS (Denial of Service) attack. It is a distributed attack in which an attacker uses a multitude of compromised computers to attack a single target. Those compromised computers that actually execute the attack are called botnet. To hide their identity, the attacker usually uses a third-party server to control and send attack command to bots, this kind of server is called C&C (command & control) server. The detection of C&C sessions is a strong proof of botnet detection and early detection of DDoS attacks as C&C connections occur before a DDoS attack. Network traffic analysis is an effective method to detect C&C sessions as it is hard to avoid encrypting the payload or change command code. We consider a new feature vector with 55 features, and use a random forest algorithm to build the classifier. Random forest is an ensemble of classifiers that can deal with high-dimension problems. In fact, it can also calculate the importance of features that will help us find the key features responsible for the detection of C&C sessions. Experimental results show that our approach has better performance on C&C session detection.

Original languageEnglish
Title of host publicationProceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450348881
DOIs
Publication statusPublished - Jan 5 2017
Event11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 - Beppu, Japan
Duration: Jan 5 2017Jan 7 2017

Publication series

NameProceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

Other

Other11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
CountryJapan
CityBeppu
Period1/5/171/7/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems

Fingerprint Dive into the research topics of 'C&C session detection using random forest'. Together they form a unique fingerprint.

  • Cite this

    Lu, L., Feng, Y., & Sakurai, K. (2017). C&C session detection using random forest. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 [34] (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). Association for Computing Machinery, Inc. https://doi.org/10.1145/3022227.3022260