A fuzzy pattern-based filtering algorithm for botnet detection

Wang, Kuochen; Huang, Chun-Ying; Lin, Shang-Jyh; Lin, Ying-Dar

doi:10.1016/j.comnet.2011.05.026

Cited by 69 publications

(57 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A bot's activity behavior. [30]. Therefore, the detection rates are improved and the error rates are reduced significantly.…”

Section: Related Workmentioning

confidence: 94%

“…However, these approaches take longer to filter a packet set captured off a giga-bit network interface than it took the set to arrive, making them infeasible for realtime traffic reduction. Therefore, we integrate GPU based packet filtering approach [13] into botnet detection tool [30] to enhance the performance of the tool. Figure 2 shows the proposed architecture.…”

Section: Methodsmentioning

confidence: 99%

“…Wang et al [30] proposed a bot detection method based on fuzzy pattern recognition approach. In this solution, the network traffic is reduced by a traffic reduction algorithm to filter the packets that are not needed to be processed in the next steps.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Parallel botnet detection system by using GPU

Hung

Wang

2014

2014 IEEE/ACIS 13th International Conference on Computer and Information Science (ICIS)

View full text Add to dashboard Cite

In recent years, botnet is one of the major threats to network security. Many approaches have been proposed to detect botnets by comparing bot features. Usually, these approaches adopt traffic reduction strategy as first step to reduce the flow to following strategies by filtering packets. With the rapid development of network hardware and software the network speed has reached to multi-gigabit. However, analyzing header and payload of every packet consumes huge amount of computational resources and is not suitable for many realistic situations. Although signaturebased solutions are accurate, it is not possible to detect bot variants in real-time. In this study, we proposed a GPU-based botnet detection approach. The experimental results show that the network traffic reduction stage on GPU can achieve about 8x times over CPU based botnet detection tool. The proposed algorithm can used to improve the performance of botnet detection tools efficiently.

show abstract

“…A bot's activity behavior. [30]. Therefore, the detection rates are improved and the error rates are reduced significantly.…”

Section: Related Workmentioning

confidence: 94%

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Parallel botnet detection system by using GPU

Hung

Wang

2014

2014 IEEE/ACIS 13th International Conference on Computer and Information Science (ICIS)

View full text Add to dashboard Cite

show abstract

“…Since the signature generation is based on the extraction of frequent communication patterns, it is also not applicable to encrypted communication. Wang et al proposed a fuzzy pattern-based filtering algorithm [23]. This algorithm depends on the DNS query patterns, so that the botnet, especially for the Web-based botnet, can easily avoid the filtering by directly using IP address to communicate.…”

Section: Related Workmentioning

confidence: 99%

Detecting Web-Based Botnets Using Bot Communication Traffic Features

Hsu

Hwang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&C server and bots use HTTP protocol, the most universal and supported network protocol, to communicate with each other. Because the botnet communication can be hidden easily by attackers behind the relatively massive HTTP traffic, administrators of network equipment, such as routers and switches, cannot block such suspicious traffic directly regardless of costs. Based on the clients constituent of a Web server and characteristics of HTTP responses sent to clients from the server, this paper proposes a traffic inspection solution, called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&C (Command-and-Control) servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500 GB real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.

show abstract

“…They also discover that some of these bots generate a large number of destination unreachable error messages (DU) and connection reset error messages while trying to connect to other peers. Wang [6] explain some of the features and challenges when dealing with the Nugache P2P botnet. Hammadi [7] conclude that there is no static IDS that will detect Nugache traffic.…”

Section: Introductionmentioning

confidence: 99%