BotFlex: A community-driven tool for botnet detection

Khattak, Sheharbano; Ahmed, Zaafar; Syed, Affan A.; Khayam, Syed Ali

doi:10.1016/j.jnca.2015.10.002

Cited by 15 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other near real-time detection mechanisms, Reference [119] proposes an open-source network-based botnet detection and mitigation tool called BotFlex. The tool functions as an intrusion detection system (IDS), passively listening to network traffic and determining botnet traffic from various parameters such as blacklists, C&C detection, outbound spam and more.…”

Section: Machine Learning and Network-based Detection Mechanismsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.

show abstract

Section: Machine Learning and Network-based Detection Mechanismsmentioning

confidence: 99%

“…Reference [119] proposes the use of a community driven framework, BotFlex, to continually improve mitigation of botnets across the entire IT community. The approach attempts to standardise network-based intrusion detection systems with an extensible module system.…”

Section: Community Driven Tools Against Botnetsmentioning

confidence: 99%

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

show abstract

“…Then, prevention mechanisms, like the Moving Target Detection (MTD) [40], can reduce the attack's side-effects. BotFlex [41] is a state-of-the-art community-driven solution for network monitoring. The raw data of the inspected networking operations, which have been performed by the underlying machines, are transformed in high-level events (e.g.…”

Section: Countermeasuresmentioning

confidence: 99%

WARDOG: Awareness Detection Watchdog for Botnet Infection on the Host Device

Hatzivasilis

Soultatos

Chatziadam

et al. 2021

IEEE Trans. Sustain. Comput.

View full text Add to dashboard Cite

Botnets constitute nowadays one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT) as the number of insecure devices is going to be exponentially increased. This paper presents WARDOG-an awareness and digital forensic system that informs the end-user of the botnet's infection, exposes the botnet infrastructure, and captures verifiable data that can be utilized in a court of law. The responsible authority gathers all information and automatically generates a unitary documentation for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensures non-repudiation of performed actions and enforces accountability. The provided properties are verified through theoretic analysis. In simulated environment, the effectiveness of the proposed solution, in mitigating the botnet operations, is also tested against real attack strategies that have been captured by the FORTHcert honeypots, overcoming state-of-the-art solutions. Moreover, a preliminary version is implemented in real computers and IoT devices, highlighting the low computational/communicational overheads of WARDOG in the field.

show abstract

“…Figure 2 illustrates the structure of SEA. 1 2 τ of them updates SRE. This checking process accelerates the scanning speed greatly.…”

Section: Sliding Linear Estimatormentioning

confidence: 99%

“…Super point cardinality estimation has been researched for a long time because of its importance [1][2] [3]. And many excellent algorithms have been proposed recent years [4] [5] .…”

Section: Introductionmentioning

confidence: 99%

SRLA: A Real Time Sliding Time Window Super Point Cardinality Estimation Algorithm for High Speed Network Based on GPU

Ding

Gong

et al. 2018

2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference On

View full text Add to dashboard Cite

Super point is a special host in network which communicates with lots of other hosts in a certain time period. The number of hosts contacting with a super point is called as its cardinality. Cardinality estimating plays important roles in network management and security. All of existing works focus on how to estimate super point's cardinality under discrete time window. But discrete time window causes great delay and the accuracy of estimating result is subject to the starting of the window. sliding time window, moving forwarding a small slice every time, offers a more accuracy and timely scale to monitor super point's cardinality. On the other hand, super point's cardinality estimating under sliding time window is more difficult because it requires an algorithm can record the cardinality incrementally and report them immediately at the end of the sliding duration. This paper firstly solves this problem by devising a sliding time window available algorithm SRLA. SRLA consists of two cardinality estimating algorithms, sliding rough estimator SRE and sliding linear estimator SLE. SRE is used to detect super point while scanning packets and it generates a candidate super point list at the end of a sliding time window. With this candidate super point list, SLE estimates the cardinality of every candidate super point fast and accurately. SRLA's ability of working under sliding time window comes from a novel cardinality recorder, distance recorder DR. DR records the time a host appearing and helps SRE and SLE to judge if a host contacting with a super point is in a certain time period. SRLA could run parallel to deal with high speed network in line speed. This paper also gives the way to deploy SRLA on a common GPU. Experiments on real world traffics which have 40 GB/s bandwidth show that SRLA estimates super point's cardinality within 100 milliseconds under sliding time window when running on a Nvidia GPU GTX650 with 1 GB memory. The estimating time of SRLA is much smaller than that of other algorithms which consumes more than 2000 milliseconds under discrete time window.

show abstract

BotFlex: A community-driven tool for botnet detection

Cited by 15 publications

References 21 publications

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

WARDOG: Awareness Detection Watchdog for Botnet Infection on the Host Device

SRLA: A Real Time Sliding Time Window Super Point Cardinality Estimation Algorithm for High Speed Network Based on GPU

Contact Info

Product

Resources

About