An Effective Conversation-Based Botnet Detection Method

Chen, Ruidong; Niu, Weina; Zhang, Xiaosong; Zhuo, Zhongliu; Lv, Fengmao

doi:10.1155/2017/4934082

Cited by 42 publications

(44 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In contrast, the human generated traffic does not contain any similarity due to miscellaneous activities. To capture the statistical similarity of botnet traffic, many P2P botnet detection schemes 2,[25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40] proposed in which a group of statistical features is introduced as a P2P botnet footprint. These features are extracted from the botnet traffic and context network traffic.…”

Section: Statistical Characteristicsmentioning

confidence: 99%

“…[25][26][27][28][29][30][31][32][33][34] In some proposals, the notion of conversation is defined by a 2-tuple (source IP and destination IP), and some features are introduced to characterize the conversations produced by bots. 35,36 The host-based footprints are extracted from the network traffic of each host (like the number of IP addresses it connected to). 2,[37][38][39][40] The proposed footprints related to each class are detailed in following subsections.…”

Section: Statistical Characteristicsmentioning

confidence: 99%

See 1 more Smart Citation

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

Daneshgar

Abbaspour

2019

Int J Communication

View full text Add to dashboard Cite

Summary Botnet is a distributed platform for illegal activities severely threaten the security of the Internet. Fortunately, although their complicated nature, bots leave some footprints during the C&C communication that have been utilized by security researchers to design detection mechanisms. Nevertheless, botnet designers are always trying to evade detection systems by leveraging the legitimate P2P protocol as C&C channel or even mimicking legitimate peer‐to‐peer (P2P) behavior. Consequently, detecting P2P botnet in the presence of normal P2P traffic is one of the most challenging issues in network security. However, the resilience of P2P botnet detection systems in the presence of normal P2P traffic is not investigated in most proposed schemes. In this paper, we focused on the footprint as the most essential part of a detection system and presented a taxonomy of footprints utilized in behavioral P2P botnet detection systems. Then, the resilience of mentioned footprints is analyzed using three evaluation scenarios. Our experimental and analytical investigations indicated that the most P2P botnet footprints are not resilient to the presence of legitimate P2P traffic and there is a pressing need to introduce more resilient footprints.

show abstract

Section: Statistical Characteristicsmentioning

confidence: 99%

Section: Statistical Characteristicsmentioning

confidence: 99%

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

Daneshgar

Abbaspour

2019

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Firstly, the hardcoded IP address can be identified by a security researcher reverse engineering the malware, allowing mitigating action to be taken that may involve blacklisting the IP address [16]. Secondly, if the C&C server goes down or the IP address is detected, the nefarious activity can be easily identified and blocked by a security administrator which means their compromised device will be out of the attacker's control [13], [47].…”

Section: Malware Command and Controlmentioning

confidence: 99%

“…Chen et al [13] suggest that the Peer-to-Peer (P2P) botnets infrastructure was one of the first architectural structures that criminals used for overcoming the limitations of the centralised C&C network approach. This is also known as a decentralised topology.…”

Section: Malware Command and Controlmentioning

confidence: 99%

Detection of Algorithmically Generated Malicious Domain

Agyepong¹,

Buchanan²,

Jones³

2018

Computer Science &Amp; Information Technology

View full text Add to dashboard Cite

show abstract

“…But these relations are not explicit and there are links among sources, types of attacks, reports, and incidents of the same type of attacks. Finally, the value is precisely the actionable knowledge that we can get from the cyber database from analyzing the quality of the data, automatized process, prediction of incidents, or detecting intrusion in different networks (see [30][31][32]). …”

Section: A Case Studymentioning

confidence: 99%

On Detecting and Removing Superficial Redundancy in Vector Databases

DeCastro-García

Castañeda

Rodríguez

et al. 2018

Mathematical Problems in Engineering

View full text Add to dashboard Cite

A mathematical model is proposed in order to obtain an automatized tool to remove any unnecessary data, to compute the level of the redundancy, and to recover the original and filtered database, at any time of the process, in a vector database. This type of database can be modeled as an oriented directed graph. Thus, the database is characterized by an adjacency matrix. Therefore, a record is no longer a row but a matrix. Then, the problem of cleaning redundancies is addressed from a theoretical point of view. Superficial redundancy is measured and filtered by using the 1-norm of a matrix. Algorithms are presented by Python and MapReduce, and a case study of a real cybersecurity database is performed.

show abstract

An Effective Conversation-Based Botnet Detection Method

Cited by 42 publications

References 23 publications

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

Detection of Algorithmically Generated Malicious Domain

On Detecting and Removing Superficial Redundancy in Vector Databases

Contact Info

Product

Resources

About