A cooperative botnet profiling and detection in virtualized environment

Abstract: Abstract-Cloud security becomes an important topic in recent years, as to overcome the botnet in a virtualized environment is a critical task for the cloud providers. Although numerous intrusion detection systems are available, yet it is not practical to install IDS in every virtual machine. In this paper, we argue that a virtual machine monitor (VMM) can support certain security functions that our proposed design can actively collect information directly from the VMM without installing an agent in the guest O… Show more

“…Their study also shows that these bots mostly infect countries in Europe and America. Supporting this is [5], which further proves the effectiveness of behaviourbased detection systems. On a virtual machine (VM), a detection agent is installed, which monitors the processes and their spawned processes to build a behaviour profile and bot process activity log(s).…”

“…At the network level, removal of malware can be performed by agents installed locally or by the use of a continuous communication protocol with a master device. This validates of the integrity of local hosts and allows administrators to perform removal of botnet-enabling malware from hosts, either automatically or manually [5,176,205].…”

“…Very botnet-specific, can introduce additional latency at network edge. [5,84,98,136,176,[201][202][203][204][205]…”

“…A botnet is a network of malware-infected hosts, which are typically controlled by a Command and Control (C&C) server. The C&C server architecture allows for distributed malicious attacks on either the infected hosts or other interconnected hosts over LAN or the internet [5,6]. C&C servers are commonly known as the botmasters, while infected hosts are simply referred to as bots [1].…”

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

“…Their study also shows that these bots mostly infect countries in Europe and America. Supporting this is [5], which further proves the effectiveness of behaviourbased detection systems. On a virtual machine (VM), a detection agent is installed, which monitors the processes and their spawned processes to build a behaviour profile and bot process activity log(s).…”

“…At the network level, removal of malware can be performed by agents installed locally or by the use of a continuous communication protocol with a master device. This validates of the integrity of local hosts and allows administrators to perform removal of botnet-enabling malware from hosts, either automatically or manually [5,176,205].…”

“…Very botnet-specific, can introduce additional latency at network edge. [5,84,98,136,176,[201][202][203][204][205]…”

“…A botnet is a network of malware-infected hosts, which are typically controlled by a Command and Control (C&C) server. The C&C server architecture allows for distributed malicious attacks on either the infected hosts or other interconnected hosts over LAN or the internet [5,6]. C&C servers are commonly known as the botmasters, while infected hosts are simply referred to as bots [1].…”

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

“…In contrast, the horizontal similarity index or HSI aims to find similarities amongst different mobile devices activities in a network. The Jaccard Index metric shown in formula 4 is employed by both vertical and horizontal indexes to measure the level of similarities in the history of single device along with similarities of group of mobile devices [26].…”

Mobile Botnet Detection Model based on Retrospective Pattern Recognition

Malware Family Characterization with Recurrent Neural Network and GHSOM Using System Calls