Chen, Weikeng
Luo, Xiao
Zincir-Heywood, A. Nur

2018-05-03
2018-05-03
2017-05

Chen, W., Luo, X., & Zincir-Heywood, A. N. (2017). Exploring a service-based normal behaviour profiling system for botnet detection. In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp. 947–952). https://doi.org/10.23919/INM.2017.7987417

https://hdl.handle.net/1805/16010

Effective detection of botnet traffic becomes difficult as the attackers use encrypted payload and dynamically changing port numbers (protocols) to bypass signature-based detection and deep packet inspection. In this paper, we build a normal profiling-based botnet detection system using three unsupervised learning algorithms on service-based flow-based data, including self-organizing map, local outlier, and k-NN outlier factors. Evaluations on publicly available botnet data sets show that the proposed system could reach up to 91% detection rate with a false alarm rate of 5%.

en

Publisher Policy

botnet traffic
protocols
botnet detection

Exploring a Service-Based Normal Behaviour Profiling System for Botnet Detection

Conference proceedings