BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

Bibliographic details
Published in: International journal of communication networks and information security 2018-12, Vol.10 (3), p.563
Main authors: Gadelrab, Mohammed S, ElSheikh, Muhammad, Ghoneim, Mahmoud A, Rashwan, Mohsen
Format: Article
Language: eng
Description
Abstract: In this paper, we describe a detailed approach to develop a botnet detection system using machine learning (ML) techniques. Detecting botnet member hosts or identifying botnet traffic has been the main subject of many research efforts. This research aims to overcome two serious limitations of current botnet detection systems: first, the need for Deep Packet Inspection (DPI), and second, the need to collect traffic from several infected hosts. To achieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we have identified a set of statistical features that may help to distinguish between benign and malicious botnet traffic. Then, we have carried out several machine learning experiments in order to test the suitability of ML techniques and also to pick a minimal subset of the identified features that provides the best detection. We have implemented our approach in a tool called BotCap, whose test results proved its ability to detect individually infected hosts in a local network.
ISSN: 2073-607X, 2076-0930