Botnet and P2P Botnet Detection Strategies: A Review

Dhayal, Himanshi; Kumar, Jitender

doi:10.1109/iccsp.2018.8524529

Cited by 15 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most popular types of malware seek to retrieve and maintain communication on a regular basis with Command and Control servers (C&C servers) which are under the control of a malicious user, so that they can collect, transfer information, and upgrades to the infected devices (bots) [17], [18]. This communication is usually done using hardcoded addresses, or a pool of addresses controlled by the creator of the malware or network.Modern programming techniques enable malware developers to use thousands of alternating IP addresses to communicate with C&C servers.…”

Section: Demystifying Malicious Trafficmentioning

confidence: 99%

Darknet Traffic Big-Data Analysis and Network Management for Real-Time Automating of the Malicious Intent Detection Process by a Weight Agnostic Neural Networks Framework

et al. 2021

View full text Add to dashboard Cite

Attackers are perpetually modifying their tactics to avoid detection and frequently leverage legitimate credentials with trusted tools already deployed in a network environment, making it difficult for organizations to proactively identify critical security risks. Network traffic analysis products have emerged in response to attackers’ relentless innovation, offering organizations a realistic path forward for combatting creative attackers. Additionally, thanks to the widespread adoption of cloud computing, Device Operators (DevOps) processes, and the Internet of Things (IoT), maintaining effective network visibility has become a highly complex and overwhelming process. What makes network traffic analysis technology particularly meaningful is its ability to combine its core capabilities to deliver malicious intent detection. In this paper, we propose a novel darknet traffic analysis and network management framework to real-time automating the malicious intent detection process, using a weight agnostic neural networks architecture. It is an effective and accurate computational intelligent forensics tool for network traffic analysis, the demystification of malware traffic, and encrypted traffic identification in real time. Based on a weight agnostic neural networks (WANNs) methodology, we propose an automated searching neural net architecture strategy that can perform various tasks such as identifying zero-day attacks. By automating the malicious intent detection process from the darknet, the advanced proposed solution is reducing the skills and effort barrier that prevents many organizations from effectively protecting their most critical assets.

show abstract

Section: Demystifying Malicious Trafficmentioning

confidence: 99%

Darknet Traffic Big-Data Analysis and Network Management for Real-Time Automating of the Malicious Intent Detection Process by a Weight Agnostic Neural Networks Framework

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Figure 4 shows the utilization of CPU after the malicious activity. According to the literature review [25]- [27], whenever your device become a part of Bot network the Bot-master will boost the device and network traffic flow. After analyzing the literature review and performing multiple experiments on devices, we found that when a device is not infected, CPU utilization is between 20% to 40%, while when a device is a part of bot network and they are following orders, the CPU utilization is >= 70%.…”

Section: Results and Discussion On Host Behaviour Analysis And Identi...mentioning

confidence: 99%

Behaviour based botnet detection with traffic analysis and flow intervals at the host level

Padhiar

Patel

2023

IJEECS

View full text Add to dashboard Cite

A botnet is one of the most dangerous forms of security issues. It infects unsecured computers and transmit malicious commands. By using botnet, the attacker can launch a variety of attacks, such as distributed denial of service (DDoS), data theft, and phishing. The botnet may contain a lot of infected hosts and its size is usually large. In this paper, we addressed the problem of botnet detection based on network’s flows records and activities in the host. We proposed a host-based approach that detects a host, that has been compromised by observing the flow of in-out bound traffic. To prove the existence of command and control communication, we examine host network flow. Once the bot process has been identified in the host being monitored, this knowledge allows blocking any in/out traffic with the bot’s server. In addition to providing information about the compromised machine’s IP address and how it communicates with servers, the log file is generated, which can provide data about the command and control (C&C) servers. Most existing work on detecting botnet is based on flow-based traffic analysis by mining their communication patterns. Our work distinguishes itself from other methods of bot detection from its ability to use real-time host-related data for detection.

show abstract

“…Botnet communications are classified into (Dhayal and Kumar, 2018): 1) Centralized botnet (i.e., the client-server model) 2) Decentralized Botnet (i.e., peer to peer communication model), and 3) Hybrid model For instance, Mirai, Muhstik, Toraii, Hakai, Trojan, Gagfyt, Okiru, Kenjiro, Hajime, IRCBot, Hide and seek botnets are the most common botnet attacks (Hegde et al, 2020).…”

Section: B Botnet Evasion Attacksmentioning

confidence: 99%

Cyber Security Threats and Countermeasures using Machine and Deep Learning Approaches: A Survey

Manjula¹,

Venkatesh²,

Venugopal³

2023

Journal of Computer Science

View full text Add to dashboard Cite

Recent advancements in e-business, e-healthcare, e-governance, and online digital transactions have brought valuable benefits. Unfortunately, it raises severe cyber-attacks. Cyberattacks disrupt normal operations, try to retrieve confidential information and defense secrets, and subvert the nation's defense systems and Internet-connected devices. Cyber security solutions are required to detect, analyze, defend against threats and protect sensitive data from unauthorized access. This study gives a detailed survey of different cybersecurity attacks, like Denial-of-service attacks, Botnet Evasion Attacks, Malware invasions, Spam and phishing invasion, Spoofing, Domain Generation algorithms, Probing attacks, R2L, and U2R attacks. This research review emphasizes Machine Learning and Deep Learning-based approaches to Cybersecurity problems. This study's key highlights are the research challenges, cybersecurity issues, cyber security domains, and tools for the Intrusion detection system. Data sets play a vital role in cybersecurity research; hence, Private and Publically available datasets are reviewed in this study. Various performance matrices are discussed in this survey which can be used to evaluate the effectiveness of cybersecurity solutions.

show abstract

Botnet and P2P Botnet Detection Strategies: A Review

Cited by 15 publications

References 7 publications

Darknet Traffic Big-Data Analysis and Network Management for Real-Time Automating of the Malicious Intent Detection Process by a Weight Agnostic Neural Networks Framework

Darknet Traffic Big-Data Analysis and Network Management for Real-Time Automating of the Malicious Intent Detection Process by a Weight Agnostic Neural Networks Framework

Behaviour based botnet detection with traffic analysis and flow intervals at the host level

Cyber Security Threats and Countermeasures using Machine and Deep Learning Approaches: A Survey

Contact Info

Product

Resources

About