Detection of botnet collusion by degree distribution of domains
作者: Marcel Spruit , Henk Sips , Pieter Burghouwt
DOI:
关键词:
摘要: Malicious botnets threaten the Internet by DDoS-attacks, spam, information theft and other criminal activities. They are using increasingly sophisticated techniques to hide Command Control traffic. Many existing detection can be defeated encryption, tunneling in popular protocols, delays, flow perturbation. We introduce a new DNS-based approach, that detects botnet collusion anomalies degree distribution of visited domains, without any assumption about message content statistical properties The proposed technique is difficult evade, major changes bot Infrastructure or reduced utility. evaluate evasion possibilities, derive theoretical model detector performance test with combination captured traffic simulated botnet-traffic.
researchgate.net 参考文章(15)
Tom Fawcett, ROC Graphs: Notes and Practical Considerations for Data Mining Researchers ,(2003)
Bojan Zdrnja, Nevil Brownlee, Duane Wessels, Passive Monitoring of DNS Anomalies Detection of Intrusions and Malware, and Vulnerability Assessment. ,vol. 4579, pp. 129- 139 ,(2007) , 10.1007/978-3-540-73614-1_8
Vrizlynn L. Thing, Morris Sloman, Naranker Dulay, A survey of bots used for distributed denial of service attacks information security conference. pp. 229- 240 ,(2007) , 10.1007/978-0-387-72367-9_20
Frederic Giroire, Jaideep Chandrashekar, Nina Taft, Eve Schooler, Dina Papagiannaki, Exploiting Temporal Persistence to Detect Covert Botnet Channels recent advances in intrusion detection. pp. 326- 345 ,(2009) , 10.1007/978-3-642-04342-0_17
John C. Mitchell, Elizabeth Stinson, Towards systematic evaluation of the evadability of bot/botnet detection methods usenix security symposium. pp. 5- ,(2008)
Anirudh Ramachandran, Nick Feamster, David Dagon, Detecting Botnet membership with DNSBL counterintelligence Botnet Detection. pp. 131- 142 ,(2008) , 10.1007/978-0-387-68768-1_7
Roberto Perdisci, Guofei Gu, Wenke Lee, Junjie Zhang, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection usenix security symposium. pp. 139- 154 ,(2008)
Albert-László Barabási, Réka Albert, Emergence of Scaling in Random Networks Science. ,vol. 286, pp. 509- 512 ,(1999) , 10.1126/SCIENCE.286.5439.509
Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Your botnet is my botnet: analysis of a botnet takeover computer and communications security. pp. 635- 647 ,(2009) , 10.1145/1653662.1653738
J.J.D. Mol, J.A. Pouwelse, D.H.J. Epema, H.J. Sips, Free-Riding, Fairness, and Firewalls in P2P File-Sharing international conference on peer-to-peer computing. pp. 301- 310 ,(2008) , 10.1109/P2P.2008.10