A Collaborative Approach to Botnet Protection

Stevanovic, Matija; Revsbech, Kasper; Pedersen, Jens Myrup; Sharp, Robin; Jensen, Christian Damsgaard

doi:10.1007/978-3-642-32498-7_47

Cited by 9 publications

(7 citation statements)

References 19 publications

(37 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, BotMosaic [Houmansadr and Borisov 2012a] is impressive to interpolate network traffic and then track the bots by proliferation with collaboration. Wang and Gong [2009], Tseng et al [2011], and Stevanovic et al [2012] employ both approaches and largely focus on the collaboration to raise the accuracy of detection. As shown in Figure 2, host anomalies and network traffic (denoted as message 1 ) can be captured by the detection unit and sent to the collaboration unit for further detection.…”

Section: Discussionmentioning

confidence: 99%

“…The central server will process, aggregate, and correlate these logs, and detect some potential attacks. In other literature [Wong 2006;Agarwal et al 2010;Oliner et al 2012;Stevanovic et al 2012], offline analysis is conducted while nodes are continuing their job without being blocked by the analysis results.…”

Section: Timeliness Of Analysismentioning

confidence: 99%

“…In Schmidt et al [2009], each mobile phone first carries out static ELF analysis then extracts feature vectors from the output to share. ContraBot [Stevanovic et al 2012] is one of typical botnet detection systems that filters and preprocesses feature data in advance to improve effectiveness and scalability.…”

Section: Shared Informationmentioning

confidence: 99%

See 2 more Smart Citations

Collaborative Security

et al. 2015

View full text Add to dashboard Cite

Security is oftentimes centrally managed. An alternative trend of using collaboration in order to improve security has gained momentum over the past few years. Collaborative security is an abstract concept that applies to a wide variety of systems and has been used to solve security issues inherent in distributed environments. Thus far, collaboration has been used in many domains such as intrusion detection, spam filtering, botnet resistance, and vulnerability detection. In this survey, we focus on different mechanisms of collaboration and defense in collaborative security. We systematically investigate numerous use cases of collaborative security by covering six types of security systems. Aspects of these systems are thoroughly studied, including their technologies, standards, frameworks, strengths and weaknesses. We then present a comprehensive study with respect to their analysis target, timeliness of analysis, architecture, network infrastructure, initiative, shared information and interoperability. We highlight five important topics in collaborative security, and identify challenges and possible directions for future research. Our work contributes the following to the existing research on collaborative security with the goal of helping to make collaborative security systems more resilient and efficient. This study (1) clarifies the scope of collaborative security, (2) identifies the essential components of collaborative security, (3) analyzes the multiple mechanisms of collaborative security, and (4) identifies challenges in the design of collaborative security.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Timeliness Of Analysismentioning

confidence: 99%

See 1 more Smart Citation

Collaborative Security

et al. 2015

View full text Add to dashboard Cite

show abstract

“…Nowadays, especially during the global COVID-19 pandemic, there is no longer a debate that the Internet has become a core element of our daily life. Today's Internet is about online presence, e-learning, social media, e-banking, work from home, online shopping, Internet of Things, and cloud computing (Stevanovic et al, 2012;Nozomi Networks Labs, 2020;Lallie et al, 2020). Unfortunately, Internet resources are continuously under threat by malicious actors, whether individual or organised entities.…”

Section: Introductionmentioning

confidence: 99%

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Al-Mashhadi

Anbar

Hasbullah

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

Botnets can simultaneously control millions of Internet-connected devices to launch damaging cyber-attacks that pose significant threats to the Internet. In a botnet, bot-masters communicate with the command and control server using various communication protocols. One of the widely used communication protocols is the ‘Domain Name System’ (DNS) service, an essential Internet service. Bot-masters utilise Domain Generation Algorithms (DGA) and fast-flux techniques to avoid static blacklists and reverse engineering while remaining flexible. However, botnet’s DNS communication generates anomalous DNS traffic throughout the botnet life cycle, and such anomaly is considered an indicator of DNS-based botnets presence in the network. Despite several approaches proposed to detect botnets based on DNS traffic analysis; however, the problem still exists and is challenging due to several reasons, such as not considering significant features and rules that contribute to the detection of DNS-based botnet. Therefore, this paper examines the abnormality of DNS traffic during the botnet lifecycle to extract significant enriched features. These features are further analysed using two machine learning algorithms. The union of the output of two algorithms proposes a novel hybrid rule detection model approach. Two benchmark datasets are used to evaluate the performance of the proposed approach in terms of detection accuracy and false-positive rate. The experimental results show that the proposed approach has a 99.96% accuracy and a 1.6% false-positive rate, outperforming other state-of-the-art DNS-based botnet detection approaches.

show abstract

“…Day by day the dependency on the Internet has increased in our daily lives, mainly in many important fields such as educational organizations, communication companies, government facilities, banking, and e-commerce. This adds many difficulties in managing the web and utilizing the application, for example, protecting the user data, integrity, privacy, and availability [1]. All these reasons changed the consideration of attackers to thinking about financial advantages, the attackers utilize diverse malware to accomplish their objectives.…”

Section: Introductionmentioning

confidence: 99%

Botnet detection using ensemble classifiers of network flow

Algelal¹,

Aldhaher²,

Abdul-Wadood³

et al. 2020

IJECE

View full text Add to dashboard Cite

Recently, Botnets have become a common tool for implementing and transferring various malicious codes over the Internet. These codes can be used to execute many malicious activities including DDOS attack, send spam, click fraud, and steal data. Therefore, it is necessary to use Modern technologies to reduce this phenomenon and avoid them in advance in order to differentiate the Botnets traffic from normal network traffic. In this work, ensemble classifier algorithms to identify such damaging botnet traffic. We experimented with different ensemble algorithms to compare and analyze their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Botnet Detection offers a reliable and cheap style for ensuring transferring integrity and warning the risks before its occurrence.

show abstract

A Collaborative Approach to Botnet Protection

Cited by 9 publications

References 19 publications

Collaborative Security

Collaborative Security

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Botnet detection using ensemble classifiers of network flow

Contact Info

Product

Resources

About