Detection of a Botnet-Based Threat in an Internal Network Using Data Mining Algorithm – BotTROP

Abstract:

Nowadays, botnet-based threats such as ransomware, trojans and botnets per se are still very dangerous for our privacy and data. Depending on their management architecture (centralized, decentralized, hybrid), they are all controlled from single or multiple servers called Command & Control (C2), which makes them very difficult to detect and mitigate before the malicious action takes place.

The main goal of this paper is to present the functionality, novel features and effectiveness of the botnet-based threat detection software called BotTROP, whose implementation was based on previous research. Using data mining algorithms, BotTROP is able to successfully identify malicious network traffic and label its destination IP as a C2 before the malicious activity takes place. Moreover, this method points out all the infected devices (such as lapto
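As an added illustration, not BotTROP's own code (the abstract does not specify which data mining algorithm it uses), the following example stands in a beacon-regularity heuristic for that step: it groups flow records by (source, destination), scores how periodic each host's contacts with a destination are, labels a destination contacted on a regular schedule as a C2 candidate, and lists the internal hosts that talked to it. The flow records, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes).
# Two internal hosts contact 203.0.113.7 every ~60 s; the other flows are ordinary browsing.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.7", 443, 512),
    (60, "10.0.0.5", "203.0.113.7", 443, 520),
    (121, "10.0.0.5", "203.0.113.7", 443, 498),
    (180, "10.0.0.5", "203.0.113.7", 443, 515),
    (30, "10.0.0.9", "203.0.113.7", 443, 503),
    (90, "10.0.0.9", "203.0.113.7", 443, 511),
    (151, "10.0.0.9", "203.0.113.7", 443, 507),
    (210, "10.0.0.9", "203.0.113.7", 443, 509),
    (5, "10.0.0.5", "198.51.100.20", 443, 30210),
    (7, "10.0.0.5", "198.51.100.20", 443, 1200),
    (95, "10.0.0.5", "198.51.100.20", 443, 84000),
    (300, "10.0.0.12", "198.51.100.20", 443, 2200),
]

def beacon_score(timestamps):
    """Regularity of contact: coefficient of variation of the inter-arrival gaps
    (0.0 means perfectly periodic). Returns None when there are too few gaps to judge."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    return pstdev(gaps) / mean(gaps)

def find_c2_candidates(flows, max_cv=0.2, min_contacts=3):
    """Label destination IPs as C2 candidates (assumed thresholds: at least
    min_contacts flows with gap variation <= max_cv) and return, per candidate,
    the sorted list of internal hosts that beaconed to it."""
    per_pair = defaultdict(list)
    for ts, src, dst, _port, _nbytes in flows:
        per_pair[(src, dst)].append(ts)
    verdicts = {}
    for (src, dst), ts in per_pair.items():
        score = beacon_score(ts)
        if score is not None and len(ts) >= min_contacts and score <= max_cv:
            verdicts.setdefault(dst, set()).add(src)
    return {dst: sorted(srcs) for dst, srcs in verdicts.items()}

if __name__ == "__main__":
    for c2, hosts in find_c2_candidates(FLOWS).items():
        print(f"C2 candidate {c2}: infected hosts {hosts}")
```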