2017
DOI: 10.1002/nem.1977
Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform?

Abstract: Botnets, as one of the most aggressive threats, have used different techniques, topologies, and communication protocols in different stages of their lifecycle since 2003. Hence, identifying botnets has become very challenging, specifically given that they can upgrade their methodology at any time. Various detection approaches have been proposed by cyber-security researchers, focusing on different aspects of these threats. In this work, 5 different botnet detection approaches are investigated. These s…

Cited by 14 publications (14 citation statements); references 30 publications.
“…One of the objectives was to find the feature sets that best describe the botnets and to return a solution that is suitable for a signature-based botnet detection system. Their results were compared against Snort and Bothunter to confirm the advancement of the proposed method over packet payload inspection based systems [14].…”
Section: Rule Based and Supervised Learning Based Botnet Detection (mentioning)
confidence: 98%
“…As the tools are equipped with many rules/policies which aim to cover a wide variety of possible network conditions, the system administrators need to determine which signatures are necessary and enable them accordingly to match their network conditions. Otherwise, they need to run the tools with default configurations, which may cause a huge amount of false alarms [14]. Based on Snort, Gu et al. [11] used a botnet life-cycle model to develop BotHunter.…”
Section: Rule Based and Supervised Learning Based Botnet Detection (mentioning)
confidence: 99%
“…Many research studies were conducted on attacker profiling from the viewpoint of malware creation. Mohaisen A. et al. classified the malware group through dynamic analysis based on the API behavior that occurs when executing malware and estimated the same attacker [1,2,24,25,26], whereas Kinable et al. studied the method of malicious code classification through static analysis based on the call graph of malicious code [3,4,27]. Regarding attacker profiling from the viewpoint of botnets, Gu, G., M. Feily, et al. conducted a study on analyzing the attack resources possessed by the same attacker by detecting botnets and analyzing the command and control channel [5,6].…”
Section: Related Work (mentioning)
confidence: 99%
“…Their assumption is that the presence of high-entropy flows (detected from the encrypted packet payloads) together with existing botnet events (detected from the non-encrypted packet payloads by BotHunter) could identify botnets using encrypted network traffic. However, if all the packet payloads are encrypted [14], it will be hard for their approach to perform. The flow-based detection systems have an advantage over the packet-based systems that apply deep packet inspection (DPI) on the payload information (e.g., BotHunter [9]), given that they can be applied to encrypted traffic.…”
Section: Related Work (mentioning)
confidence: 99%