查看文章

Among the diverse forms of malware, Botnet is the most widespread and serious threat which occurs commonly in today's cyberattacks. A botnet is a group of compromised computers which are remotely controlled by hackers to launch various network attacks, such as DDoS attack, spam, click fraud, identity theft and information phishing. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Botnet has become a popular and productive tool behind many cyber-attacks. Recently malicious botnets evolve into HTTP botnets out of typical IRC botnets. Data mining algorithms allow us to automate detecting characteristics from large amount of data, which the conventional heuristics and signature based methods could not apply. Here, a new technique for botnet detection is presented that makes use of Timestamp and frequent patternset generated by the Apriori algorithm. The point that distinguishes our proposed detection technique from many other similar works is that there is no need for prior knowledge of Botnets such as Botnet signature.