TR123: BOTNET MALWARE: BEHAVIOURAL AND ALGORITHMIC ANALYSIS FOR DETECTION AND PREVENTION

Muhammad Aimil Bin Hamka, Universiti Teknikal Malaysia Melaka

This paper addresses network security, specifically the use of behavioural and algorithmic analysis to detect and prevent botnet malware. Botnets are increasingly used to coordinate cyberattacks, so early identification is essential to preserving network integrity. The primary difficulty this study addresses is that botnet activity can mimic normal traffic and is therefore hard to distinguish from it. The approach taken is a dual-detection method that combines detection of periodic, time-based communication (beaconing) with flow threshold analysis. Key packet fields are extracted from PCAP files with TShark, and a custom Python script analyses them to identify anomalous packet volumes and recurring communication patterns of the kind commonly associated with command-and-control (C2) traffic. Suspicious IP addresses are automatically translated into Suricata rules, so the intrusion detection system (IDS) can raise alerts on the fly. An HTML report is also generated to visualise all flagged activity. The system's accuracy and responsiveness were tested on the CTU-13 datasets and on simulated traffic scenarios. The results showed that the system could detect botnet behaviour with few false positives and that automated rule creation substantially shortened response time. The combination of algorithmic analysis and behavioural profiling effectively supported real-time identification and prevention. The work offers a modular, lightweight method that can be integrated into larger network defence systems.
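The pipeline the abstract describes (TShark field extraction, flow threshold analysis, beaconing detection, Suricata rule generation, HTML report) can be illustrated end to end. The script below is an added example written for this page; it is not the paper's own script, and the thresholds (20 packets per pair, 5 samples, coefficient of variation 0.2, minimum beacon period 5 s), the field order (`frame.time_epoch,ip.src,ip.dst,ip.len`, as produced by `tshark -T fields -E separator=,`), the `$HOME_NET` rule header and the sid range are all assumptions. The traffic rows are constructed in the script rather than taken from CTU-13.

```python
"""Dual-detection prototype: flow-threshold + beaconing analysis over TShark
field output, emitting Suricata rules and an HTML report for flagged hosts.

Added example, not the paper's script. Assumed input format:
  tshark -r capture.pcap -T fields -E separator=, \
         -e frame.time_epoch -e ip.src -e ip.dst -e ip.len
"""
import csv
import html
import io
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    length: int


def parse_tshark_csv(text):
    """Parse TShark CSV rows into Packet records, skipping non-IP frames
    (TShark prints empty ip.* fields for those) and blank lines."""
    pkts = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 4 or not row[1] or not row[2]:
            continue
        pkts.append(Packet(float(row[0]), row[1], row[2], int(row[3])))
    return pkts


def flow_threshold(pkts, max_packets=20):
    """Flag (src, dst) pairs whose packet count exceeds max_packets (assumed threshold).
    Returns {pair: (packets, bytes)}."""
    counts, nbytes = defaultdict(int), defaultdict(int)
    for p in pkts:
        counts[(p.src, p.dst)] += 1
        nbytes[(p.src, p.dst)] += p.length
    return {pair: (n, nbytes[pair]) for pair, n in counts.items() if n > max_packets}


def beaconing(pkts, min_samples=5, max_cv=0.2, min_period=5.0):
    """Flag (src, dst) pairs whose inter-arrival gaps are near-constant.
    cv = pstdev(gaps) / mean(gaps); a timer-driven C2 check-in gives cv near 0.
    Pairs whose mean gap is below min_period are bursts or scans and are left
    to the volume check. Returns {pair: (period_seconds, cv)}."""
    times = defaultdict(list)
    for p in pkts:
        times[(p.src, p.dst)].append(p.ts)
    hits = {}
    for pair, ts in times.items():
        if len(ts) < min_samples:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean < min_period:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits[pair] = (round(mean, 2), round(cv, 3))
    return hits


def suricata_rules(flows, beacons, base_sid=1000000):
    """One alert rule per distinct flagged destination. sids start in the local
    range (assumed 1000000+); msg avoids ';' and '"', which Suricata treats specially."""
    reasons = {}
    for (src, dst), (n, b) in flows.items():
        reasons.setdefault(dst, []).append(f"volume {n} pkts {b} B from {src}")
    for (src, dst), (period, cv) in beacons.items():
        reasons.setdefault(dst, []).append(f"beacon every {period}s cv {cv} from {src}")
    rules = []
    for sid, dst in enumerate(sorted(reasons), start=base_sid):
        msg = f"Suspected botnet C2 {dst}: " + ", ".join(reasons[dst])
        rules.append(f'alert ip $HOME_NET any -> {dst} any '
                     f'(msg:"{msg}"; classtype:trojan-activity; sid:{sid}; rev:1;)')
    return rules


def html_report(rules):
    """Minimal HTML table of the generated rules (escaped, since rules contain '->')."""
    rows = "".join(f"<tr><td><code>{html.escape(r)}</code></td></tr>" for r in rules)
    return f"<html><body><h2>Flagged C2 candidates</h2><table>{rows}</table></body></html>"


BASE = 1_700_000_000.0


def constructed_sample():
    """Constructed traffic (not CTU-13) in the assumed TShark CSV layout."""
    rows = [(BASE + 60 * i, "192.168.1.10", "203.0.113.5", 98) for i in range(6)]       # 60 s beacon
    rows += [(BASE + t, "192.168.1.11", "198.51.100.7", 1200) for t in (5, 9, 40, 41, 130)]  # benign
    rows += [(BASE + 1000 + 0.08 * i, "192.168.1.12", "198.51.100.20", 60) for i in range(25)]  # burst
    rows.append((BASE + 2000, "", "", ""))  # non-IP frame as TShark prints it
    return "\n".join(",".join(str(x) for x in r) for r in rows) + "\n"


if __name__ == "__main__":
    pkts = parse_tshark_csv(constructed_sample())
    rules = suricata_rules(flow_threshold(pkts), beaconing(pkts))
    print("\n".join(rules))
    print(html_report(rules))
```

On the constructed input the 60-second beacon is caught by the regularity check (cv 0), the 25-packet burst by the volume check, and the irregular benign pair by neither; each flagged destination yields one local-range Suricata rule that can be appended to a rules file and loaded with a reload.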