| Resumen |
In this paper, some clustering techniques are analyzed to compare their ability to detect botnet traffic by selecting features that distinguish connections belonging to or not belonging to a botnet. By considering the history of network’s connections, some clustering algorithms are used to derive a set of rules to decide which should be considered as a botnet. Our main contribution is to evaluate different clustering techniques to detect botnets based on their detection rate (true and false positives). The algorithms used are K-medoids and K-means clustering. Datasets used in this paper were extracted from the repositories ISOT and ISCX. Results on K-medoids were better for almost all the experiments than K-means. |
