174. Research of Botnet Detection Based on Multi-Stage Classifier

The botnet represents a growing threat to the network security and the variants that emerge endlessly. Although the known anomaly detection algorithms can detect the unknown botnet to some degree, the generalization and the accuracy of the models remain to be improved. Whereas in this paper we proposed a botnet anomaly detection structure based on multi-level classifier, the first level classifier proposes a new periodical communication detection method. Compared with spectrum analysis, the algorithm has a lower complexity and can make online and real-time detection of the botnet; the second level classifier establishes the decision tree using the statistical characteristics of the IP pairs of the periodical communication. The result of the experiment indicates that compared with the algorithms only adopting the periodical communication or that based on the flow statistical characteristics, the multi-level classifier model not only has the higher generalization but also the higher accuracy in detecting the unknown botnet.