An anomaly-based botnet detection approach for identifying stealthy botnets
作者: Maghsoud Abbaspour , Mehdi Kharrazi , Sajjad Arshad , Hooman Sanatkar
DOI: 10.1109/ICCAIE.2011.6162198
关键词:
摘要: Botnets (networks of compromised computers) are often used for malicious activities such as spam, click fraud, identity theft, phishing, and distributed denial service (DDoS) attacks. Most previous researches have introduced fully or partially signature-based botnet detection approaches. In this paper, we propose a anomaly-based approach that requires no priori knowledge bot signatures, C&C protocols, server addresses. We start from inherent characteristics botnets. Bots connect to the channel execute received commands. belonging same receive commands causes them having similar netflows performing Our method clusters bots with attacks in different time windows perform correlation identify infected hosts. developed prototype system evaluated it real-world traces including normal traffic several traces. The results show our has high accuracy low false positive.
neu.edu
sci-hub.st 参考文章(14)
Jan Goebel, Thorsten Holz, Rishi: identify bot contaminated hosts by IRC nickname evaluation conference on workshop on hot topics in understanding botnets. pp. 8- 8 ,(2007)
David Dagon, Chris Nunnery, Vikram Sharma, Brent ByungHoon Kang, Julian B. Grizzard, Peer-to-peer botnets: overview and case study conference on workshop on hot topics in understanding botnets. pp. 1- 1 ,(2007)
Vinod Yegneswaran, Guofei Gu, Wenke Lee, Martin Fong, Phillip Porras, BotHunter: detecting malware infection through IDS-driven dialog correlation usenix security symposium. pp. 12- ,(2007)
Paul Barford, Vinod Yegneswaran, An Inside Look at Botnets Advances in Information Security. pp. 171- 191 ,(2007) , 10.1007/978-0-387-44599-1_8
Suresh Singh, James R. Binkley, An algorithm for anomaly-based botnet detection conference on steps to reducing unwanted traffic on internet. pp. 7- 7 ,(2006)
Brian Rexroad, Anestis Karasaridis, David Hoeflin, Wide-scale botnet detection and characterization conference on workshop on hot topics in understanding botnets. pp. 7- 7 ,(2007)
Guofei Gu, Wenke Lee, Junjie Zhang, BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic network and distributed system security symposium. ,(2008)
Dan Pelleg, Andrew W. Moore, X-means: Extending K-means with Efficient Estimation of the Number of Clusters international conference on machine learning. pp. 727- 734 ,(2000)
Roberto Perdisci, Guofei Gu, Wenke Lee, Junjie Zhang, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection usenix security symposium. pp. 139- 154 ,(2008)
Carl Livadas, Robert Walsh, David Lapsley, W. Timothy Strayer, Usilng Machine Learning Technliques to Identify Botnet Traffic local computer networks. pp. 967- 974 ,(2006) , 10.1109/LCN.2006.322210