Adoption of a Fuzzy Based Classification Model for P2P Botnet Detection

Botnet threat has increased enormously with adoption of newer technologies like root kit, anti-antivirus modules etc. by the hackers. Emergence of botnets having distributed C & C structure that mimic P2P technologically, has made its detection and dismantling extremely difficult. However, numeric flow feature values of P2P botnet C & C traffic can be used to generate fuzzy rule-set which can then be used to develop an efficient fuzzy based classification model. We generated fuzzy rule based models using Fuzzy Unordered Rule Induction Algorithm (FURIA) from C & C traffic collected from Nugache, Zeus and Waledac botnets. We also provide a comparative analysis of fuzzy based classification models with that of classification models obtained from C4.5 Decision Tree algorithm of Quinlan. Experimental results shows that using fuzzy based classification models, it is possible to achieve very promising result in predicting suspicious P2P botnet flows in the network and hence can be used for proactive detection of P2P botnets.