In recent years, a large number of Internet Things devices are used in life, many which vulnerable to attacks from security perspective. Botnet malware is one the main threats IoT devices. Hence detection botnet most important challenge for This paper proposes an approach base on PSI graph data combine with evolutionary algorithm-based technique. To best our knowledge, there have been no studie...

Remote-controlled malware, organized in so-called botnets, have emerged as one of the most prolific kinds of malicious software. Although numbers vary, in extreme cases such as Conficker, Bredolab and Mariposa, one botnet can span up to several million infected computers. This way, attackers draw substantial revenue by monetizing their bot-infected computers. This thesis encapsulates research o...

Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...

The networks of compromised and remotely controlled computers (bots) are widely used in many Internet fraudulent activities, especially in the distributed denial of service attacks. Brute force gives enormous power to bot masters and makes botnet traffic visible; therefore, some countermeasures might be applied at early stages. Our study focuses on detecting botnet propagation via public websit...

We develop new techniques to map botnet membership using traces of spam email. To group bots into botnets we look for multiple bots participating in the same spam email campaign. We have applied our technique against a trace of spam email from Hotmail Web mail services. In this trace, we have successfully identified hundreds of botnets. We present new findings about botnet sizes and behavior wh...

We consider the problem of using flow-level data for detection of botnet command and control (C&C) activity. We find that current approaches do not consider timingbased calibration of the C&C traffic traces prior to using this traffic to salt a background traffic trace. Thus, timing-based features of the C&C traffic may be artificially distinctive, potentially leading to (unrealistically) optim...

Botnets are collections of compromised computers which have come under the control of a malicious person or organisation via malicious software stored on the computers, and which can then be used to interfere with, misuse, or deny access to a wide range of Internet-based services. With the current trend towards increasing use of the Internet to support activities related to banking, commerce, h...

DDoS attacks are the process of making the target system non-responsive to the legitimate requests. They were focusing on network and transport layers initially. Now the application layer DDoS attacks are prominent and are most difficult to resolve online. This paper presents a comprehensive study on Botnet-based DDoS attacks on application layer, and the extended incidents of such attacks that...

Botnets are becoming the predominant threat on the Internet today and is the primary vector for carrying out attacks against organizations and individuals. Botnets have been used in a variety of cybercrime, from click-fraud to DDOS attacks to the generation of spam. In this paper we propose an approach to detect botnet activity by classifying network traffic behavior using machine learning clas...