An Empirical Comparison of Botnet Detection Methods
- Authors
- García, Sebastián; Grill, M.; Stiborek, J.; Zunino Suarez, Alejandro Octavio
- Year of publication
- 2014
- Language
- English
- Resource type
- article
- Status
- published version
- Description
- The results of botnet detection methods are usually presented without any comparison. Although it is generally accepted that more comparisons with third-party methods may help to improve the area, few papers could do it. Among the factors that prevent a comparison are the difficulties to share a dataset, the lack of a good dataset, the absence of a proper description of the methods and the lack of a comparison methodology. This paper compares the output of three different botnet detection methods by executing them over a new, real, labeled and large botnet dataset. This dataset includes botnet, normal and background traffic. The results of our two methods (BClus and CAMNEP) and BotHunter were compared using a methodology and a novel error metric designed for botnet detection methods. We conclude that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.
Affiliation: García, Sebastián. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Tandil. Instituto Superior de Ingenieria del Software; Argentina. Czech Technical University in Prague. Department of Computer Science and Engineering. Agents Technology Group; Czech Republic
Affiliation: Grill, M.. Czech Technical University in Prague. Department of Computer Science and Engineering. Agents Technology Group; Czech Republic
Affiliation: Stiborek, J.. Czech Technical University in Prague. Department of Computer Science and Engineering. Agents Technology Group; Czech Republic
Affiliation: Zunino Suarez, Alejandro Octavio. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Tandil. Instituto Superior de Ingenieria del Software; Argentina
- Subject
- Botnet Detection; Malware Detection; Methods Comparison; Botnet Dataset; Anomaly Detection; Network Traffic
- Accessibility level
- open access
- Terms of use
- https://creativecommons.org/licenses/by-nc-nd/2.5/ar/
- Repository
- Institution
- Consejo Nacional de Investigaciones Científicas y Técnicas
- OAI Identifier
- oai:ri.conicet.gov.ar:11336/6772
Field | Value |
---|---|
id | CONICETDig_2484e38119a96778258b10152235d1ef |
oai_identifier_str | oai:ri.conicet.gov.ar:11336/6772 |
network_acronym_str | CONICETDig |
repository_id_str | 3498 |
network_name_str | CONICET Digital (CONICET) |
title | An Empirical Comparison of Botnet Detection Methods |
author | García, Sebastián |
author2 | Grill, M.; Stiborek, J.; Zunino Suarez, Alejandro Octavio |
topic | Botnet Detection; Malware Detection; Methods Comparison; Botnet Dataset; Anomaly Detection; Network Traffic |
purl_subject.fl_str_mv | https://purl.org/becyt/ford/1.2 https://purl.org/becyt/ford/1 |
publishDate | 2014 |
dc.date.none.fl_str_mv | 2014-06 |
dc.type.none.fl_str_mv | info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion http://purl.org/coar/resource_type/c_6501 info:ar-repo/semantics/articulo |
format | article |
status_str | publishedVersion |
url | http://hdl.handle.net/11336/6772 |
identifier_str_mv | García, Sebastián; Grill, M.; Stiborek, J.; Zunino Suarez, Alejandro Octavio; An Empirical Comparison of Botnet Detection Methods; Elsevier; Computers & Security; 45; 6-2014; 100-123 0167-4048 |
language | eng |
dc.relation.none.fl_str_mv | info:eu-repo/semantics/altIdentifier/url/http://www.sciencedirect.com/science/article/pii/S0167404814000923 info:eu-repo/semantics/altIdentifier/doi/ info:eu-repo/semantics/altIdentifier/doi/10.1016/j.cose.2014.05.011 |
dc.rights.none.fl_str_mv | info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by-nc-nd/2.5/ar/ |
eu_rights_str_mv | openAccess |
dc.format.none.fl_str_mv | application/pdf |
dc.publisher.none.fl_str_mv | Elsevier |
reponame_str | CONICET Digital (CONICET) |
collection | CONICET Digital (CONICET) |
instname_str | Consejo Nacional de Investigaciones Científicas y Técnicas |
repository.name.fl_str_mv | CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicas |
repository.mail.fl_str_mv | dasensio@conicet.gov.ar; lcarlino@conicet.gov.ar |