A new architecture for detecting DDoS/brute forcing attack and destroying the botnet behind

Zahid, Mohammed; Belmekki, Abdelhamid; Mezrioui, Abdellatif

doi:10.1109/icmcs.2012.6320256

Cited by 6 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many researches were done for detecting DDoS or fighting against them by providing new architectures and algorithms like probabilistic packet marking algorithm that allows detecting the attack source [4] and the architecture that detects the DDoS/Brute forcing attacks for destroying the Botnet behind [5]. However, researchers have to implement a big…”

Section: The Existing Test Methodsmentioning

confidence: 99%

“…For studying the Botnet attacks behavior and fight against them, researchers need huge resources in terms of machines and network equipments in order to establish the real word conditions. Those conditions can help when testing algorithms like detections and trace-back ones [4] [5]. For that, five basic requirements that emulation/simulation tool should provide was defined:…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A New Scalable Framework for Emulating Huge Networks

Zahid¹,

Mezrioui²,

Belmekki³

2014

IJCA

View full text Add to dashboard Cite

Network emulation and simulation tools are widely used for preproduction, studies and researches purposes. This success is due to the quality of result they provide compared to the real equipments. Another advantage of the network simulators is that the cost of studies and experiences are exponentially reduced especially for networks that use expensive hardware or a big number of nodes. In the work done for fighting against Distributed Denial of Service (DDoS) based on Botnet (malicious programs that take the control of many machines on behalf of the owners in order to attack services or send spams), a real time test of the trace-back and counter-attack algorithms is needed. So the emulation tool should be scalable in order to create thousands of bots with fewer resources. Unfortunately, the existing emulation/simulation tools suffer from some limitations like the nodes number that cannot exceed hundreds, have simulation concept or not scalable. That's why it was decided to develope a new network emulator that implements huge networks. The aim of this paper is to present this new scalable framework that help to emulate network equipments and application based on UDP and TCP protocols with a huge number of nodes. It was developed basically for emulating DDoS attacks based on Botnets but it can be used for any other purposes like stress test for HTTP servers or telephony over IP services etc. BACKGROUND AND MOTIVATIONThis section explains the existing test methods and the reasons behind developing such framework. The existing test methodsMany researches were done for detecting DDoS or fighting against them by providing new architectures and algorithms like probabilistic packet marking algorithm that allows detecting the attack source [4] and the architecture that detects the DDoS/Brute forcing attacks for destroying the Botnet behind [5]. However, researchers have to implement a big

show abstract

Section: The Existing Test Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A New Scalable Framework for Emulating Huge Networks

Zahid¹,

Mezrioui²,

Belmekki³

2014

IJCA

View full text Add to dashboard Cite

show abstract

“…Accordingly, the posterior probability of class C for a given sample with k features is shown in Eq. (4).…”

Section: B: Naive Bayes (Nb)mentioning

confidence: 99%

“…The associate editor coordinating the review of this manuscript and approving it for publication was Jiafeng Xie. denial of service malicious behavior [4], phishing [5] and scanning attacks [6].…”

Section: Introductionmentioning

confidence: 99%

Collaborative Framework for Early Detection of RAT-Bots Attacks

2019

View full text Add to dashboard Cite

Attackers tend to use Remote Access Trojans (RATs) to compromise and control a targeted computer, which makes the RAT detection as an active research field. This paper introduces a machine learning-based framework for detecting compromised hosts and networks that are infected by the RAT-Bots. The proposed framework consists of two agents that are integrated to achieve reliable early detection of the RAT-bots. The first agent, the host agent, is responsible for monitoring the system behavior of the running host and raising an alarm for any anomalies. The second agent, the network agent, monitors the network traffic to extract any malicious patterns. The integrated approach improves both the detection ratio and accuracy. However, each approach cannot separately achieve the same performance as the proposed RAT-Bots detection framework. The performance of the introduced framework is evaluated by using real-world benchmark datasets. The experimental results show that the proposed approach can achieve an accuracy of 98.83% with 1.45% false positive rate.

show abstract

“…Botmaster can perform distinctive sort of cybercrime like DDoS, click misrepresentation, phishing extortion, key logging, bit coins' extortion, spamming, sniffing traffic, spreading new malware, google AdSense maltreatment with bots [6]. These days the botnet is turning into the base of all cybercrime which is performed through the internet [7] [8]. Botmaster utilize distinctive strategies to contaminate a client gadget to make it bot (zombie) like drive by download, email and pilfered programming's are the most well-known method for attacks [9][10].…”

Section: Introductionmentioning

confidence: 99%

Detection Approach for Botnets with Cross Cluster Correlation

Prasad¹,

Surekha²,

Swetha³

2019

IJCA

View full text Add to dashboard Cite

Botnets are presently the key stage for some Internet assaults, for example, spam, dispersed foreswearing of-benefit (DDoS), fraud, and phishing. The vast majority of the current botnet identification approaches work just on particular botnet order and control (C&C) conventions (e.g., IRC) and structures (e.g., brought together), and can progress toward becoming insufficient as botnets change their C&C strategies. In this paper, we present a general identification structure that is autonomous of botnet C&C convention and structure, what's more, requires no from the earlier information of botnets, (for example, caught bot parallels and henceforth the botnet marks, what's more, C&C server names/addresses). We begin from the definition and fundamental properties of botnets. We characterize a botnet as an organized gathering of malware occurrences that are controlled by means of C&C correspondence channels. The fundamental properties of a botnet are that the bots speak with some C&C servers/peers, perform malevolent exercises, and do as such in a comparative or related way. As needs be, our identification system groups comparative correspondence activity and comparative malevolent movement, and performs cross group connection to recognize the hosts that offer both comparative correspondence designs also, comparable vindictive movement designs. These hosts are in this way bots in the checked system. We have actualized our BotMiner model framework and assessed it utilizing numerous genuine system follows. The outcomes demonstrate that it can recognize certifiable botnets (IRC-based, HTTP-based, and P2P botnets including Nugache and Tempest worm), and has a low false positive rate.

show abstract

A new architecture for detecting DDoS/brute forcing attack and destroying the botnet behind

Cited by 6 publications

References 6 publications

A New Scalable Framework for Emulating Huge Networks

A New Scalable Framework for Emulating Huge Networks

Collaborative Framework for Early Detection of RAT-Bots Attacks

Detection Approach for Botnets with Cross Cluster Correlation

Contact Info

Product

Resources

About