Botnet Data Analysis
Traffic Analysis
NIMS lab botnet research data:
Zeus Botnet (Zeus-1): Trace file, Domain name list
Citadel Botnet: Trace file, Domain name list
Conficker Botnet: Trace file, Domain name list
Alexa (legitimate): Trace file, Domain name list
Zeus Botnet (Zeus-2): Trace file, Description
URL Analysis
Stateful-SBB is a genetic-programming-based learning algorithm designed and developed to distinguish botnets' malicious domain names from legitimate ones.
We compared the Stateful-SBB against the original SBB and some other well-known classifiers. Stateful-SBB Download
If you would like to use this tool, please cite this paper:
F. Haddadi, H. G. Kayacik, A. N. Zincir-Heywood, and M. I. Heywood, "Malicious Automatically Generated Domain Name Detection Using Stateful-SBB," In 16th European Conference on Applications of Evolutionary Computations, pp. 529-539, 2013.
To read more about this tool:
F. Haddadi, H. G. Kayacik, A. N. Zincir-Heywood, and M. I. Heywood, "Malicious Automatically Generated Domain Name Detection Using Stateful-SBB," In 16th European Conference on Applications of Evolutionary Computations, pp. 529-539, 2013.
F. Haddadi and A. Nur Zincir-Heywood, "Analyzing string format-based classifiers for botnet detection: GP and SVM," In IEEE Congress on Evolutionary Computation (CEC), pp. 2626-2633, 2013.