Disclosure

Authors: Leyla Bilge, Davide Balzarotti, William Robertson, Engin Kirda, Christopher Kruegel

DOI: 10.1145/2420950.2420969

Keywords: Computer security, Botnet, The Internet, Command and control, Computer science, Reputation, Server, NetFlow, Unavailability, False positive rate

Abstract: Botnets continue to be a significant problem on the Internet. Accordingly, a great deal of research has focused on methods for detecting and mitigating the effects of botnets. Two of the primary factors preventing the development of effective large-scale, wide-area botnet detection systems are seemingly contradictory. On the one hand, technical and administrative restrictions result in a general unavailability of the raw network data that would facilitate detection at large scale. On the other hand, were this data available, real-time processing at that scale would be a formidable challenge. In contrast to raw network data, NetFlow data is widely available. However, NetFlow data imposes several challenges for performing accurate botnet detection. In this paper, we present Disclosure, a system that incorporates a combination of novel techniques to overcome the challenges imposed by the use of NetFlow data. In particular, we identify groups of features that allow Disclosure to reliably distinguish C&C channels from benign traffic using NetFlow records (i.e., flow sizes, client access patterns, and temporal behavior). To reduce Disclosure's false positive rate, we incorporate a number of external reputation scores into our system's detection procedure. Finally, we provide an extensive evaluation over two large, real-world networks. Our evaluation demonstrates that Disclosure is able to perform detection over datasets on the order of billions of flows per day.
