Data Confirmation for Botnet Traffic Analysis


Fariba Haddadi
A. Nur Zincir-Heywood

Author Addresses: 

Faculty of Computer Science
Dalhousie University
6050 University Ave.
PO Box 15000
Halifax, Nova Scotia, Canada
B3H 4R2

Email: {haddadi, zincir}


In this paper, we propose a systematic approach to generate botnet traffic. Given the lack of benchmarking botnet traffic data, we anticipate that such an endeavour will be beneficial to the research community. To this end, we employ the proposed approach to generate Zeus and Citadel botnet traffic as a case study. We analyze the characteristics of the generated data against the characteristics of NETRESEC and Snort captures publicly available in the field. This analysis confirms that our data is comparable to the data captured in the field in terms of the botnet behaviours represented.

Tech Report Number: 
Report Date: 
February 25, 2014
PDF icon CS-2014-01.pdf371.91 KB