Automatically generating models for botnet detection

Authors: Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel

DOI: 10.1007/978-3-642-04444-1_15

Keywords:

Abstract: A botnet is a network of compromised hosts that is under the control of a single, malicious entity, often called the botmaster. We present a system that aims to detect bots, independent of any prior information about the command and control channels or propagation vectors, and without requiring multiple infections for correlation. Our system relies on detection models that target the characteristic fact that every bot receives commands from the botmaster to which it responds in a specific way. These detection models are generated automatically from network traffic traces recorded from actual bot instances. We have implemented the proposed approach and demonstrate that it can extract effective detection models for a variety of different bot families. These models are precise in describing the activity of bots and raise very few false positives.
