TY - GEN
T1 - Botnet Dataset Overview Using Statistical Approach Based on Time Gap Activity Analysis
AU - Rachman Putra, Muhammad Aidiel
AU - Ahmad, Tohari
AU - Hostiadi, Dandy Pramana
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
AB - Botnet activity is malicious network traffic that must be detected accurately. Several botnet detection models have been introduced using mining-based methods. Distribution analysis is often used to obtain the characteristics of the data before modeling it in a mining-based detection model. However, the distribution approach is not well suited to describing the timing of botnet attacks. Analysis of botnet attack timing is needed to choose an appropriate model for detecting botnet activity. This paper proposes a new overview technique for botnet datasets using a statistical approach based on time gap analysis for each bot. The goal is to obtain a threshold value that optimally separates botnet traffic from normal traffic. The experiment yields three different time gap threshold values for separating botnet, normal, and background activity, based on the highest time gap of 4,756 s, the lowest time gap of 28.69 s, and the average maximum time gap of 810.61 s.
KW - botnet
KW - intrusion detection system
KW - network infrastructure
KW - network security
KW - time analysis
UR - http://www.scopus.com/inward/record.url?scp=85163115761&partnerID=8YFLogxK
U2 - 10.1109/ISDFS58141.2023.10131832
DO - 10.1109/ISDFS58141.2023.10131832
M3 - Conference contribution
AN - SCOPUS:85163115761
T3 - ISDFS 2023 - 11th International Symposium on Digital Forensics and Security
BT - ISDFS 2023 - 11th International Symposium on Digital Forensics and Security
A2 - Varol, Asaf
A2 - Karabatak, Murat
A2 - Varol, Cihan
A2 - Nasab, Ahad
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th International Symposium on Digital Forensics and Security, ISDFS 2023
Y2 - 11 May 2023 through 12 May 2023
ER -
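The per-bot time gap analysis described in the abstract, as an added example that is not the paper's code: it groups flow records by source host, computes the gaps between consecutive flows, reports the highest, lowest and average per-host maximum gap for each traffic label, and then selects hosts whose maximum gap falls inside a band between two thresholds. The record format, the hosts, the labels and the band rule (bots that keep regular contact with a controller have a bounded maximum silence, while background noise is far burstier and normal users go quiet for long periods) are assumptions made for illustration; the paper's own threshold values (4,756 s, 28.69 s, 810.61 s) come from its dataset, not from the constructed sample below.

```python
# Added example, not the paper's code. Record format, hosts, labels and the
# band rule are assumptions for illustration.
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: "start_time,src_ip,label", one flow per line.
# Two hosts labelled botnet, one normal, one background.
SAMPLE_FLOWS = """\
2023-05-11 09:00:00.000,10.0.0.11,botnet
2023-05-11 09:00:30.000,10.0.0.11,botnet
2023-05-11 09:01:00.500,10.0.0.11,botnet
2023-05-11 09:01:29.000,10.0.0.11,botnet
2023-05-11 09:00:05.000,10.0.0.12,botnet
2023-05-11 09:10:05.000,10.0.0.12,botnet
2023-05-11 09:25:05.000,10.0.0.12,botnet
2023-05-11 09:00:10.000,10.0.0.21,normal
2023-05-11 09:03:10.000,10.0.0.21,normal
2023-05-11 10:30:10.000,10.0.0.21,normal
2023-05-11 09:00:00.000,10.0.0.31,background
2023-05-11 09:00:00.250,10.0.0.31,background
"""


def parse_flows(text):
    """Parse the constructed CSV lines into (timestamp, src_ip, label) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, label = line.split(",")
        flows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), src, label))
    return flows


def time_gaps(flows):
    """Return {src_ip: [gap_seconds, ...]} between consecutive flows of each host."""
    per_host = defaultdict(list)
    for ts, src, _ in flows:
        per_host[src].append(ts)
    gaps = {}
    for src, stamps in per_host.items():
        stamps.sort()  # flows may arrive interleaved across hosts
        gaps[src] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return gaps


def max_gap_per_label(flows):
    """Per label: the highest, lowest and mean of the per-host maximum gaps,
    the three summary statistics the abstract reports for its dataset."""
    labels = {src: label for _, src, label in flows}
    per_label = defaultdict(list)
    for src, gaps in time_gaps(flows).items():
        if gaps:  # a host with a single flow has no gap to measure
            per_label[labels[src]].append(max(gaps))
    return {
        label: {"highest": max(v), "lowest": min(v), "avg_max": mean(v)}
        for label, v in per_label.items()
    }


def hosts_in_band(flows, low_s, high_s):
    """Assumed selection rule: keep hosts whose longest silent period lies in
    (low_s, high_s]. Below low_s the traffic is bursty background noise; above
    high_s the host goes quiet for too long to look like a beaconing bot."""
    return sorted(
        src
        for src, gaps in time_gaps(flows).items()
        if gaps and low_s < max(gaps) <= high_s
    )


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for label, stats in max_gap_per_label(flows).items():
        print(label, stats)
    # Using the paper's lowest and average-maximum gaps as the band edges.
    print("candidate bots:", hosts_in_band(flows, 28.69, 810.61))
```

On this sample the band selects only 10.0.0.11; 10.0.0.12 is a labelled bot with a 900 s maximum gap, which is exactly the kind of miss that motivates picking the threshold from the dataset's own gap statistics rather than a fixed constant.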