A taxonomy of Botnet detection techniques

Zeidanloo, Hossein Rouhani; Shooshtari, Mohammad Jorjor Zadeh; Amoli, Payam Vahdani; Safari, Mojtaba; Zamani, Mazdak

doi:10.1109/iccsit.2010.5563555

Cited by 79 publications

(49 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In taxonomic terms, one approach to feature identification for botnet traffic is that of application-based systems [9]. This includes such techniques as graph theory, machine learning, decision trees, and data mining.…”

Section: B Features Of Anomalous Trafficmentioning

confidence: 99%

Mining malware command and control traces

McLaren

Russell

Buchanan

2017

2017 Computing Conference

View full text Add to dashboard Cite

Abstract-Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection of malware command and control channels could help prevent further malicious activity by cyber criminals using the malware. Detection of malware in network traffic is traditionally carried out by identifying specific patterns in packet payloads. Now bot writers encrypt the command and control payloads, making pattern recognition a less effective form of detection. This paper focuses instead on an effective anomaly based detection technique for bot and advanced persistent threats using a data mining approach combined with applied classification algorithms. After additional tuning, the final test on an unseen dataset, false positive rates of 0% with malware detection rates of 100% were achieved on two examined malware threats, with promising results on a number of other threats.

show abstract

Section: B Features Of Anomalous Trafficmentioning

confidence: 99%

Mining malware command and control traces

McLaren

Russell

Buchanan

2017

2017 Computing Conference

View full text Add to dashboard Cite

show abstract

“…Another pioneering research group in the field of botnet that implemented in real network scenarios is the Honeynet project [12]. However, honeynets are found to be mostly useful in understanding botnet technology and characteristics, but do not necessarily detect bot infection [13], [14].…”

Section: Related Workmentioning

confidence: 99%

CluSiBotHealer: Botnet Detection through Similarity Analysis of Clusters

Barthakur¹,

Dahal²,

Ghose³

2015

JACN

View full text Add to dashboard Cite

Abstract-Botnets are responsible for most of the security threats in the Internet. Botnet attacks often leverage on their coordinated structures among bots spread over a vast geographical area. In this paper, we propose CluSiBotHealer, a novel framework for detection of Peer-to-Peer (P2P) botnets through data mining technique. P2P botnets are more resilient structure of botnets (re)designed to overcome single point of failure of centralized botnets. Our proposed system is based on clustering of C&C flows within a monitored network for suspected bots. Leveraging on similarity of packet structures and flow structures of frequently exchanged C&C flows within a P2P botnet, our proposed system initially uses clustering of flows and then Jaccard similarity coefficient on sample sets derived from clusters for accurate detection of bots. Ours is a very effective and novel framework which can be used for proactive detection of P2P bots within a monitored network. We empirically validated our model on traces collected from three different P2P botnets namely Nugache, Waledac and P2P Zeus.

show abstract

“…They are networks of computers infected with malicious software that are connected over the Internet and can be instructed to carry out specific tasks -typically without the owners of those computers knowing it (Nadji et al, 2013;Plohmann et al, 2011;Whitehouse, 2014). Those who control botnets use them to steal identities, personal and financial information, illicitly gain access to bank accounts; distribute spam e-mails; shut down websites by overwhelming them with traffic (i.e., distributed denial-of-service or DDoS attacks); launch new custom-made botnets; or spread malware and ransomware (Cremonini & Riccardi, 2009;Plohmann et al, 2011;Zeidanloo et al, 2010).…”

Section: Introductionmentioning

confidence: 99%

“…The literature on botnet takedowns includes studies on accelerating the botnet takedown process (Nadji et al, 2013), employing botnet takedown methods (Dagon et. al., 2007;Freiling et al, 2005), minimizing botnet profitability (Tiirmaa-Klaar et al, 2013a), and detecting botnets (Dittrich, 2012;Nappa et al, 2010;Zeidanloo et al, 2010;Zhao et al, 2009). Studies have also looked at the managerial implications of botnet takedowns (Borrett et al, 2013;Scully, 2013), botnet lifecycles (Kok & Kurz, 2011), botnet types (Czosseck et al, 2011;Dagon et al, 2007), and practices to prevent and respond to botnet threats (Plohmann et al, 2011).…”

Section: Introductionmentioning

confidence: 99%

Botnet Takedown Initiatives: A Taxonomy and Performance Model

Shirazi

2015

Technology Innovation Management Review

View full text Add to dashboard Cite

A taxonomy of Botnet detection techniques

Cited by 79 publications

References 11 publications

Mining malware command and control traces

Mining malware command and control traces

CluSiBotHealer: Botnet Detection through Similarity Analysis of Clusters

Botnet Takedown Initiatives: A Taxonomy and Performance Model

Contact Info

Product

Resources

About