Botnet C&amp;C Traffic and Flow Lifespans Using Survival Analysis

Oujezský, Václav; Horváth, Tomáš; Skorpil, Vladislav

doi:10.11601/ijates.v6i1.205

Cited by 6 publications

(7 citation statements)

References 5 publications

(7 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Oujezsky et al analyzed botnet's behavior to extract lifespans of C&C communication. The dataset includes real world and simulated botnet traffic.…”

Section: Related Workmentioning

confidence: 99%

Botnet detection based on network flow summary and deep learning

Pektaş

Acarman

2018

Int J Network Mgmt

View full text Add to dashboard Cite

A botnet is a group of compromised Internet-connected devices controlled remotely by cyber criminals to launch coordinated attacks and to perform various malicious activities. Since botnets continuously adapt themselves to the evolving countermeasures introduced by both network and host-based detection mechanism, the traditional approaches do not provide adequate protection to botnet threat. On the one hand, behavioral analysis of network traffic can play a key role to detect botnets. For instance, behavioral analysis can be applied to observe and discover communication patterns that botnets operate during their life cycle. On the other hand, deep learning has been successfully applied to various classification tasks, and it is also a promising solution for botnet discovery. In this paper, we apply deep neural network to detect botnet by modeling network traffic flow. The performance of the proposed method is evaluated with publicly available large-scale communication traces. The experimental results illustrate that deep learning is an efficient and effective method for identifying botnet traffic with a high true positive rate (attack detection rate) and low false positive alarm rate.Int J Network Mgmt. 2018;28:e2039.wileyonlinelibrary.com/journal/nem

show abstract

“…Oujezsky et al analyzed botnet's behavior to extract lifespans of C&C communication. The dataset includes real world and simulated botnet traffic.…”

Section: Related Workmentioning

confidence: 99%

Botnet detection based on network flow summary and deep learning

Pektaş

Acarman

2018

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…To achieve this objective, they usually plant some form of a backdoor or create a C&C channel to allow them to re-enter the system at will [26]. C&C activity is initiated when an attacker compromises an end-user device and transforms that device into a bot that listens out for instructions issued by the botmaster [8], [26].…”

Section: Malware Command and Controlmentioning

confidence: 99%

Detection of Algorithmically Generated Malicious Domain

Agyepong¹,

Buchanan²,

Jones³

2018

Computer Science &Amp; Information Technology

View full text Add to dashboard Cite

show abstract

“…Cyber-criminals like to maintain control of devices and hosts they compromise for long term benefits such as financial gain [16]. To achieve this objective, they usually plant some form of a backdoor or create a C&C channel to allow them to re-enter the system at will [26]. C&C activity is initiated when an attacker compromises an end-user device and transforms that device into a bot that listens out for instructions issued by the botmaster [8], [26].…”

Section: Malware Command and Controlmentioning

confidence: 99%

Section: Malware Command and Controlmentioning

confidence: 99%

“…Although there are several types of C&C communication channels, for example, using of protocols such as Hypertext Transfer Protocol (HTTP), Internet Relay Chat (IRC) and many more [26], traditionally, cyber-criminals tend to rely on a centralised topology to control their victims by hardcoding their IP addresses or domain names in their malware binaries to allow persistent access between a server they control and a compromised device [16], [30]. Often, the cybercriminals include one or more static domains or IP addresses in their source code as observed with the WannaCry ransomware [9], [40].…”

Section: Malware Command and Controlmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Algorithmically Generated Malicious Domain Using Frequency Analysis

Agyepong¹,

Buchanan²,

Jones³

2018

IJCSIT

View full text Add to dashboard Cite

Malicious use and exploitation of Dynamic Domain Name Services (DDNS) capabilities poses a serious threat to the information security of organisations and businesses. In recent times, many malware writers have relied on DDNS to maintain their Command and Control (C&C) network infrastructure to ensure a persistence presence on a compromised host. Amongst the various DDNS techniques, Domain Generation Algorithm (DGA) is often perceived as the most elusive and difficult to detect using traditional methods. This paper presents an approach for detecting DGA using frequency analysis of the character distribution and the weighted scores of the domain names. The approach's feasibility is demonstrated using a range of legitimate domains and a number of malicious algorithmically-generated domain names. When a weighted score of < 45 is applied to the Alexa one million list of domain names, only 15% of the domain names were treated as non-human generated.

show abstract

Botnet C&C Traffic and Flow Lifespans Using Survival Analysis

Cited by 6 publications

References 5 publications

Botnet detection based on network flow summary and deep learning

Botnet detection based on network flow summary and deep learning

Detection of Algorithmically Generated Malicious Domain

Detection of Algorithmically Generated Malicious Domain Using Frequency Analysis

Contact Info

Product

Resources

About