Distributed Denial-of-Service (DDoS) attacks disrupt servers, services and networks by overloading the target's resources and denying service to legitimate traffic. Defenses against such attacks usually rely on overprovisioning and on sinkholing malicious traffic. The sooner an attack is detected, the better the mitigation. We therefore advocate a prediction technique that anticipates countermeasures against a possible attack before it effectively starts. This article advances the state of the art by presenting a distributed architecture that identifies early signals of a possible DDoS attack and detects the bots composing a botnet. The architecture identifies the malicious actors (bots) participating in the attack. The bot detection technique is triggered by a DDoS prediction supported by early signals: prediction identifies signs of an attack on the network before it reaches advanced stages. Based on metastability theory, it provides unsupervised statistical learning and identifies the imminence of DDoS attacks. Botnet detection is challenging because of the high dimensionality of the data involved and because of the resource constraints (memory and processing) of network devices. Network devices are therefore clustered based on features extracted from the traffic and on the causality between devices, and detection is performed per cluster. Performance evaluations took as input the CTU-13 (Czech Republic University), CAIDA and Botnet 2014 datasets, efficiently detecting the bots in the dataset with an accuracy of 99.9%.
This work presents BotFetcher, a hybrid botnet detection method that combines clustering techniques and graph signal processing. Botnets are a threat to computer networks, since they can disrupt services on the Internet through the coordination of a massive number of infected devices (bots), with global losses estimated at US$ 5.8 billion in 2019. BotFetcher contributes to botnet detection at scale, mainly of botnets formed by infected IoT devices, such as the Mirai, Hydra and LuaBot botnets. Detecting these botnets is challenging because of the massive amount of data and the limits on processing and memory. BotFetcher therefore groups network devices based on features extracted from the traffic and performs detection per group from indications of causality between the devices. The method was evaluated on the CTU-13 dataset from the Czech Republic University. BotFetcher detected the bot in scenario 5 of CTU-13 with 55 false positives and no false negatives among the 39738 evaluated nodes.