Autocorrelation Analysis of Financial Botnet Traffic

Authors

Prathiba Nagarajan, San Jose State University
Fabio Troia, San Jose State University
Thomas Austin, San Jose State University
Mark Stamp, San Jose State UniversityFollow

Publication Date

January 2018

Document Type

Contribution to a Book

Publication Title

Proceedings of the 4th International Conference on Information Systems Security and Privacy

Abstract

A botnet consists of a network of infected computers that can be controlled remotely via a command and control (C&C) server. Typically, a botnet requires frequent communication between a C&C server and the infected nodes. Previous approaches to detecting botnets have included various machine learning techniques based on features extracted from network traffic. In this research, we conduct autocorrelation analysis of traffic generated by financial botnets, and we show that periodicity is a highly distinguishing feature for detecting such botnets.

Recommended Citation

Prathiba Nagarajan, Fabio Troia, Thomas Austin, and Mark Stamp. "Autocorrelation Analysis of Financial Botnet Traffic" Proceedings of the 4th International Conference on Information Systems Security and Privacy (2018).