Botnet Forensic: Issues, Challenges and Good Practices

Bijalwan, Anchit; Solanki, Vijender Kumar; Pilli, Emmanuel S.

doi:10.5296/npa.v10i2.13144

Cited by 6 publications

(3 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The database systems involved also can't maintain and preserve the integrity, originality and confidentiality of the collected evidence as well as the related chain of custody of various events that occurred in a specific sequence while collecting, transferring, storing, analyzing and interpreting the evidence to solve a cybercrime incident [11,12]. While on the other hand cybercriminals instigate malicious activities through multimedia and network devices such as business credential leakages, information theft and unauthorized access [13]. This allows hackers and other intruders to forge and tamper with the collected evidence.…”

Section: Introductionmentioning

confidence: 99%

MF-Ledger: Blockchain Hyperledger Sawtooth-Enabled Novel and Secure Multimedia Chain of Custody Forensic Investigation Architecture

et al. 2021

View full text Add to dashboard Cite

Due to globalization and worldwide connectivity, multimedia data exchange has increased significantly over the Internet in the last decade. The life cycle of multimedia content is also getting more multifaceted as more people are accessing, sharing, modifying and re-using multimedia information. This poses serious challenges for the multimedia industry to provide integrity, reliability and trustworthiness for multimedia investigations against the growing cybersecurity threats. This paper bridges this gap by enabling a secure and transparent digital forensic investigations process using blockchain technology. MF-Ledger a Blockchain Hyperledger sawtooth-enabled novel, secure and efficient digital forensic investigation architecture is proposed where participating stakeholders create a private network to exchange and agree on different investigation activities before being stored on the blockchain ledger. We have created digital contracts (smart contracts) and implemented them using sequence diagrams to handle the stakeholders' secure interaction in the investigation process. The proposed architectural solution delivers robust information integrity, prevention, and preservation mechanism to permanently and immutably store the evidence (chain of custody) in a private permissioned encrypted blockchain ledger.

show abstract

Section: Introductionmentioning

confidence: 99%

MF-Ledger: Blockchain Hyperledger Sawtooth-Enabled Novel and Secure Multimedia Chain of Custody Forensic Investigation Architecture

et al. 2021

View full text Add to dashboard Cite

show abstract

“…A bot is a malicious program that acts upon botherder's command. Botherder executes this bot illegally further for the selfinterest, which is called bot attack [1]. Bot attack is difficult to handle as botnet rapidly germinates in order to get off the detection process.…”

Section: Introductionmentioning

confidence: 99%

Botnet Forensic Analysis Using Machine Learning

Bijalwan

2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Botnet forensic analysis helps in understanding the nature of attacks and the modus operandi used by the attackers. Botnet attacks are difficult to trace because of their rapid pace, epidemic nature, and smaller size. Machine learning works as a panacea for botnet attack related issues. It not only facilitates detection but also helps in prevention from bot attack. The proposed inquisition model endeavors improved quality of results by comprehensive botnet detection and forensic analysis. This scenario has been applied in eight different combinations of ensemble classifier technique to detect botnet evidence. The study is also compared to the ensemble-based classifiers with the single classifier using different parameters. The results exhibit that the proposed model can improve accuracy over a single classifier.

show abstract

“…Traffic analyzers can use different approaches: the first ones were based on recognizing known patterns inside the payloads of traffic 8,9 , but their main downside is that there exist obfuscation techniques to bypass these tools' analyses 10 . Recent proposals that use Machine Learning (ML) techniques 11 assume that botnet traffic reflects behavior of its related malware.…”

mentioning

confidence: 99%

Real-time botnet detection on large network bandwidths using machine learning

Velasco-Mata

González-Castro

Fidalgo

et al. 2023

Sci Rep

View full text Add to dashboard Cite

Botnets are one of the most harmful cyberthreats, that can perform many types of cyberattacks and cause billionaire losses to the global economy. Nowadays, vast amounts of network traffic are generated every second, hence manual analysis is impossible. To be effective, automatic botnet detection should be done as fast as possible, but carrying this out is difficult in large bandwidths. To handle this problem, we propose an approach that is capable of carrying out an ultra-fast network analysis (i.e. on windows of one second), without a significant loss in the F1-score. We compared our model with other three literature proposals, and achieved the best performance: an F1 score of 0.926 with a processing time of 0.007 ms per sample. We also assessed the robustness of our model on saturated networks and on large bandwidths. In particular, our model is capable of working on networks with a saturation of 10% of packet loss, and we estimated the number of CPU cores needed to analyze traffic on three bandwidth sizes. Our results suggest that using commercial-grade cores of 2.4 GHz, our approach would only need four cores for bandwidths of 100 Mbps and 1 Gbps, and 19 cores on 10 Gbps networks.

show abstract

Botnet Forensic: Issues, Challenges and Good Practices

Cited by 6 publications

References 56 publications

MF-Ledger: Blockchain Hyperledger Sawtooth-Enabled Novel and Secure Multimedia Chain of Custody Forensic Investigation Architecture

MF-Ledger: Blockchain Hyperledger Sawtooth-Enabled Novel and Secure Multimedia Chain of Custody Forensic Investigation Architecture

Botnet Forensic Analysis Using Machine Learning

Real-time botnet detection on large network bandwidths using machine learning

Contact Info

Product

Resources

About