Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling
Botnets pose a serious threat to the health of the Internet. Most current network-based botnet detection systems require Deep Packet Inspection (DPI) to detect bots. Because DPI is a computationally costly process, such detection systems cannot handle the large volumes of traffic typical of large enterprise and ISP networks. In this paper, the authors propose a system that aims to efficiently and effectively identify a small number of suspicious hosts that are likely bots. Only the traffic of those hosts is then forwarded to DPI-based botnet detection systems for fine-grained inspection and accurate botnet detection, so the expensive DPI stage sees a fraction of the total traffic.
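To make the two-stage idea concrete, here is an added illustration (not the paper's code or its feature set) of an adaptive per-host sampler: each internal host's sampling rate rises with a cheap flow-level suspicion score, and only the top-scored hosts are handed to the DPI stage. The score (fraction of very small flows plus destination fan-out), the thresholds, the 200-byte cut-off and the sample flows are all assumptions constructed for the example.

```python
"""Adaptive sampler feeding a DPI stage (added illustration, not the paper's method)."""
from collections import defaultdict
from dataclasses import dataclass, field
import random

@dataclass(frozen=True)
class Flow:
    src: str      # internal host
    dst: str      # external peer
    dport: int
    nbytes: int

@dataclass
class HostStats:
    flows: int = 0
    small_flows: int = 0                    # flows under 200 bytes (assumed beacon/failed-connect hint)
    peers: set = field(default_factory=set)

class AdaptiveSampler:
    def __init__(self, base_rate=0.05, max_rate=1.0, dpi_budget=2, rng=None):
        self.base_rate, self.max_rate, self.dpi_budget = base_rate, max_rate, dpi_budget
        self.rng = rng or random.Random(0)  # seeded so the demo is reproducible
        self.stats = defaultdict(HostStats)

    def observe(self, flow):
        s = self.stats[flow.src]
        s.flows += 1
        s.small_flows += flow.nbytes < 200
        s.peers.add(flow.dst)

    def suspicion(self, src):
        """Cheap flow-level score in [0, 1]; assumed heuristic, not the paper's features."""
        s = self.stats[src]
        if s.flows < 5:
            return 0.0                      # too little evidence to raise the rate
        small = s.small_flows / s.flows
        fanout = min(len(s.peers) / 20, 1.0)
        return min(1.0, 0.6 * small + 0.4 * fanout)

    def rate(self, src):
        """Sampling probability grows linearly from base_rate to max_rate with suspicion."""
        return self.base_rate + (self.max_rate - self.base_rate) * self.suspicion(src)

    def sample(self, flow):
        """Record the flow, then decide whether it is kept for closer inspection."""
        self.observe(flow)
        return self.rng.random() < self.rate(flow.src)

    def hosts_for_dpi(self):
        """The few highest-scored hosts whose traffic is forwarded to the DPI stage."""
        ranked = sorted(self.stats, key=self.suspicion, reverse=True)
        return [h for h in ranked[:self.dpi_budget] if self.suspicion(h) > 0]

def demo(dpi_budget=2):
    """Constructed sample traffic: one host beaconing to many peers, one benign host."""
    s = AdaptiveSampler(dpi_budget=dpi_budget)
    for i in range(30):
        s.sample(Flow("10.0.0.5", f"198.51.100.{i}", 6667, 120))   # small flows, wide fan-out
    for i in range(10):
        s.sample(Flow("10.0.0.7", f"203.0.113.{i % 2}", 443, 40000))  # large flows, two peers
    return s
```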