Detecting Botnets Behaviors over Network Flows using Hidden Markov Models

Abstract

Botnets are one of the most common and powerful cyber attacks tools, from DDoS attacks to crypto currencies mining. Due to the extreme diversity of Botnets types and interactions, it is very difficult to detect their influence using pay-load data only. Within this contextthe goal is to build a Botnets detection system using metadata information from network flows. To do so, we propose a new system based on probabilistic machine learning techniques using Hidden Markov Models to model interactions inside of suspicious networks. Our work is based on a dataset from the Stratosphere project released in 2014.