Botnet detection based on Markov chain and Fuzzy rough set

Main Article Content

Aziz Ezzatneshan, Seyed Reza Kamel Tabbakh Farizani, Maryam Kheirabadi, Reza Ghaemi


Botnets now make up a wide range of cyber-attacks, which are a network of infected computers connected to the Internet, with remote control. So far, a lot of research has been done in this field, the proposed methods are based on the signatures of discovered botnets, anomalies, traffic behavior, and addresses. Each method has both advantages and disadvantages. This research proposes a structure for performing identification operations, which is presented in this research based on the Markov chain and is based on behavioral analysis. A disadvantage of the past methods is the inability to receive network information at a very high speed. In this research, it has tried using a solution to receive traffic at a very high speed of about 40 Gbps and analyze it. To be able to perform the analysis with a lower overhead. The proposed method can investigate the behavior of botnets by examining the area of behavior better than the previous solutions, and as a result, during the solutions used by botnets to hide their behavior, it can counter and identify suspicious flows. The accuracy of the proposed method was found to be 96.170%.


Article Details