
BOTNET DETECTION BASED ON ANOMALY AND COMMUNITY DETECTION

ABSTRACT
We introduce a novel two-stage approach for the important cyber-security problem of
detecting the presence of a botnet and identifying the compromised nodes (the bots), ideally
before the botnet becomes active. The first stage detects anomalies by leveraging large
deviations of an empirical distribution.

EXISTING SYSTEM
A botnet is a network of compromised computers controlled by a botmaster. Botnets
are typically used for Distributed Denial-of-Service (DDoS) attacks, click fraud, or spamming.
DDoS attacks flood the victim with packets/requests from many bots, effectively consuming
critical resources and denying service to legitimate users. Botnet attacks are widespread. In a
recent survey, 300 out of 1000 surveyed businesses have suffered from DDoS attacks and 65%
of the attacks cause up to $10,000 loss per hour. Both click fraud and spamming are harmful to
the web economy.

DISADVANTAGES

Both click fraud and spamming are harmful to the web economy. Because of these losses,
botnet detection has received considerable attention.

PROPOSED SYSTEM
We propose two approaches to create the empirical distribution: a flow-based approach
estimating the histogram of quantized flows, and a graph-based approach estimating the degree
distribution of node interaction graphs, encompassing both Erdős-Rényi graphs and scale-free
graphs. The second stage detects the bots using ideas from social network community detection
in a graph that captures correlations of interactions among nodes over time. Community
detection is done by maximizing a modularity measure in this graph. The modularity
maximization problem is non-convex. We propose a convex relaxation and an effective
randomization algorithm, and establish sharp bounds on the suboptimality gap. We apply our
method to real-world botnet traffic and compare its performance with other methods.

#13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore 6.
Off: 0416-2247353 / 6066663 Mo: +91 9500218218
Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com

ADVANTAGES

The first stage detects network anomalies that are associated with the presence of a botnet,
while the second stage identifies the bots by analyzing these anomalies.

Botmasters or attack targets are easier to detect because they communicate with many
other nodes, and the activities of infected machines are more correlated with each other
than those of normal machines.
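
An added example (not part of the original abstract or the project's code, and written in Python rather than the project's Java) of the first stage with the graph-based approach: each window's degree distribution is compared with a reference window by relative entropy, the rate function that large-deviations theory (Sanov's theorem) attaches to an empirical distribution. The bucket edges, threshold, function names and sample flows are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Degree buckets (lower edges): 1-2 peers, 3-9 peers, 10+ peers. Assumed values.
BINS = (1, 3, 10)

def degree_distribution(flows, bins=BINS):
    """Empirical degree distribution of one window's node interaction graph.
    flows: iterable of (src, dst) pairs observed in the window."""
    peers = {}
    for src, dst in flows:
        peers.setdefault(src, set()).add(dst)
        peers.setdefault(dst, set()).add(src)
    counts = Counter()
    for neighbours in peers.values():
        degree = len(neighbours)
        counts[max(i for i, low in enumerate(bins) if degree >= low)] += 1
    total = sum(counts.values()) or 1  # an empty window yields an all-zero histogram
    return [counts[i] / total for i in range(len(bins))]

def relative_entropy(p, q, eps=1e-6):
    """D(p || q) in nats. q is smoothed so a bucket unseen in the reference
    gives a large but finite contribution instead of a division by zero."""
    smoothed = [x + eps for x in q]
    norm = sum(smoothed)
    return sum(pi * math.log(pi * norm / qi) for pi, qi in zip(p, smoothed) if pi > 0)

def anomalous_windows(reference_flows, windows, threshold):
    """Indices of windows whose degree distribution deviates from the reference."""
    ref = degree_distribution(reference_flows)
    return [i for i, w in enumerate(windows)
            if relative_entropy(degree_distribution(w), ref) > threshold]

def client_server_flows(n_clients):
    """Constructed benign traffic: each client talks to two of three servers."""
    return [(f"c{i}", f"s{(i + k) % 3}") for i in range(n_clients) for k in (0, 1)]

# Constructed sample data, not real traffic.
REFERENCE = client_server_flows(12)
QUIET = client_server_flows(9)
# Same benign traffic plus 20 hosts that all contact one extra node.
SUSPICIOUS = QUIET + [(f"b{i}", "hub") for i in range(20)]

if __name__ == "__main__":
    ref = degree_distribution(REFERENCE)
    for name, window in (("quiet", QUIET), ("suspicious", SUSPICIOUS)):
        print(name, round(relative_entropy(degree_distribution(window), ref), 4))
    print("flagged:", anomalous_windows(REFERENCE, [QUIET, SUSPICIOUS], threshold=0.1))
```

The single node contacted by many hosts lands in the 10+ bucket, which the reference window never populated, and that one bucket accounts for most of the divergence.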

MODULES

Anomaly detection

Botnet discovery

Experimental results

SYSTEM CONFIGURATION
HARDWARE CONFIGURATION
Processor: Dual core processor
Speed: 1.1 GHz
RAM: 1 GB
Hard Disk: 80 GB
Key Board: Standard Windows Keyboard
Mouse: Two or Three Button Mouse
Monitor: SVGA

SOFTWARE CONFIGURATION
Operating System: Windows Family
Programming Language: JAVA
Java Version: JDK 1.6 & above
