A Novel IRC Botnet Detection Method Based on Packet Size Sequence

Ma, Xiaobo; Guan, Xiaohong; Tao, Jing; Guo, Yanhui; Liu, L.; Zhao, Shirong

doi:10.1109/icc.2010.5502092

Cited by 21 publications

(12 citation statements)

References 14 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The false alarm rate of normal traffic for thresholds 4, 5, 6, 7 and 8 is 1%. In this experiment, we use different thresholds (1,2,3,4,5,6,7,8) to identify internet traffic. The results are shown in Figure 16, i.e., when the threshold reaches 3, the detection rate drops rapidly.…”

Section: Detection Results and Discussionmentioning

confidence: 99%

“…Compared to other malware programs which are being used to perform malicious conduct exclusively, a botnet functions as a gathering of contaminated hosts dependent on the C & C correspondence channel. A botnets system can be ordered into two principal classes dependent on the C & C foundation: brought together and decentralized C & C [3]. In incorporated botnets, the botmaster typically utilizes the C…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

et al. 2019

View full text Add to dashboard Cite

In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. At the first layer, we filter non-P2P packets to reduce the amount of network traffic through well-known ports, Domain Name System (DNS). query, and flow counting. The second layer further characterized the captured network traffic into non-P2P and P2P. At the third layer of our model, we reduced the features which may marginally affect the classification. At the final layer, we successfully detected P2P botnets using decision tree Classifier by extracting network communication features. Furthermore, our experimental evaluations show the significance of the proposed method in P2P botnets detection and demonstrate an average accuracy of 98.7%.

show abstract

Section: Detection Results and Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The IRC applications are then analyzed using temporal-frequent characteristics of flows to discriminate malicious IRC channels created by bots from legitimate IRC traffic. Ma et al [117] detect botnets from characteristics of packet size sequences of TCP conversations between zombies and their C&C servers. An approximate periodicity known as quasi-periodicity is observed in IRC botnet conversations.…”

Section: ) Botnet Attack Detection: Approaches and Methodsmentioning

confidence: 99%

Botnet in DDoS Attacks: Trends and Challenges

Hoque

Bhattacharyya

Kalita

2015

IEEE Commun. Surv. Tutorials

213

View full text Add to dashboard Cite

Threats of Distributed Denial of Service (DDoS) attacks have been increasing day-by-day due to rapid development of computer networks and associated infrastructure, and millions of software applications, large and small, addressing all varieties of tasks. Botnets pose a major threat to network security as they are widely used for many Internet crimes such as DDoS attacks, identity theft, email spamming and click fraud. Botnet based DDoS attacks are catastrophic to the victim network as they can exhaust both network bandwidth and resources of the victim machine. This paper presents a comprehensive overview of DDoS attacks, their causes, types with a taxonomy and technical details of various attack launching tools. A detailed discussion of several botnet architectures, tools developed using botnet architectures and pros and cons analysis are also included. Furthermore, a list of important issues and research challenges is also reported in the paper. Attacker Victim Web Server E-Mail 1553-877X (c)

show abstract

“…There are so many botnet detection techniques and tools are used worldwide in the literature. The general structure of botnet detection techniques are classified into two broad categories, IDSs and HoneyNets [12]. A honeynet is used to collect information from bots for further analysis to measure the intensity and vulnerability of the attack [9].…”

Section: Introductionmentioning

confidence: 99%

A Three Stage Botnet Detection Technique using Random and Obrazom Graph s

Akilandeswari,

Basha,

Baranivel

2020

IJITEE

View full text Add to dashboard Cite

This paper proposes three-stage botnet detection technique based on the anomaly and community detection. The first stage is a pragmatic node based distributed approach of sparse graph sequences. The second stage detects the bot from sparse matrix and correlations of interactions among the node. In the third stage, random graph is evaluating the performance of the bots and verified with both odd and even types of nodes. The same is extended and verified through Obrazom triple connected graphs. This verification is helpful to identify the aggressive bots through the optimized pivotal nodes. Machine Learning based Botnet Detection techniques are implemented in various levels like centralized and distributed level of networks. We can apply this three-stage bot detection in large-scale data.

show abstract

A Novel IRC Botnet Detection Method Based on Packet Size Sequence

Cited by 21 publications

References 14 publications

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

Botnet in DDoS Attacks: Trends and Challenges

A Three Stage Botnet Detection Technique using Random and Obrazom Graph s

Contact Info

Product

Resources

About