Publication Date

Spring 2017

Degree Type

Master's Project

Degree Name

Master of Science (MS)


Computer Science

First Advisor

Mark Stamp

Second Advisor

Thomas Austin

Third Advisor

Melody Moh


Command and Control Server, traffic periodicity


A botnet consists of a network of infected computers which are controlled re- motely via a command and control (C&C) server. A typical botnet requires frequent communication between the C&C server and the infected nodes. Previous approaches to detecting botnets have employed various machine learning techniques, based on features extracted from network tra c. In this research, we carefully analyze the pe- riodicity of tra c as a means for detecting a variety of botnets by applying machine learning to publicly available datasets.