BotTrack: Tracking Botnets Using NetFlow and PageRank

Jérôme, François; Wang, Shaonan; State, Radu; Engel, Thomas

doi:10.1007/978-3-642-20757-0_1

Cited by 87 publications

(62 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, this approach must be paired with some other malware detection scheme to clearly distinguish botnets from regular flows. Francois et al [68] have proposed an approach called 'BotTrack' where NetFlow related data is correlated and a host dependency model is leveraged for advanced data mining purposes. They have used the popular linkage analysis algorithm called 'PageRank' with an additional clustering process to efficiently detect botnets.…”

Section: Graph-based Methods For Botnet Detectionmentioning

confidence: 99%

Botnet detection using graph-based feature clustering

et al. 2017

View full text Add to dashboard Cite

Section: Graph-based Methods For Botnet Detectionmentioning

confidence: 99%

Botnet detection using graph-based feature clustering

et al. 2017

View full text Add to dashboard Cite

“…In the literature, there are different approaches focusing on the analysis of NetFlow data. In [7], the authors focused on host dependency modelling using NetFlow data analysis and malware detection. However, they focus only on peer-to-peer communication schemes.…”

Section: Related Work In Countering Botnets and Malwarementioning

confidence: 99%

Pattern Extraction Algorithm for NetFlow-Based Botnet Activities Detection

Kozik

Choraś

2017

Security and Communication Networks

View full text Add to dashboard Cite

As computer and network technologies evolve, the complexity of cybersecurity has dramatically increased. Advanced cyber threats have led to current approaches to cyber-attack detection becoming ineffective. Many currently used computer systems and applications have never been deeply tested from a cybersecurity point of view and are an easy target for cyber criminals. The paradigm of security by design is still more of a wish than a reality, especially in the context of constantly evolving systems. On the other hand, protection technologies have also improved. Recently, Big Data technologies have given network administrators a wide spectrum of tools to combat cyber threats. In this paper, we present an innovative system for network traffic analysis and anomalies detection to utilise these tools. The systems architecture is based on a Big Data processing framework, data mining, and innovative machine learning techniques. So far, the proposed system implements pattern extraction strategies that leverage batch processing methods. As a use case we consider the problem of botnet detection by means of data in the form of NetFlows. Results are promising and show that the proposed system can be a useful tool to improve cybersecurity.

show abstract

“…We have summarized the information presented in Section VI in Table IV. Although detecting network-based attacks and its patterns generated considerable recent research interest [31]- [33], research in automated attack reaction has not yet been studied as in depth [15]. However, methods of calculating the impact of an attack [34] or the costs related to a response [35] have been proposed by the scientific community.…”

Section: Evaluation Summarymentioning

confidence: 99%

Towards Automated Incident Handling: How to Select an Appropriate Response against a Network-Based Attack?

Ossenbuhl¹,

Steinberger

Baier³

2015

2015 Ninth International Conference on IT Security Incident Management &Amp; IT Forensics

View full text Add to dashboard Cite

The increasing amount of network-based attacks evolved to one of the top concerns responsible for network infrastructure and service outages. In order to counteract these threats, computer networks are monitored to detect malicious traffic and initiate suitable reactions. However, initiating a suitable reaction is a process of selecting an appropriate response related to the identified network-based attack. The process of selecting a response requires to take into account the economics of an reaction e.g., risks and benefits. The literature describes several response selection models, but they are not widely adopted. In addition, these models and their evaluation are often not reproducible due to closed testing data. In this paper, we introduce a new response selection model, called REASSESS, that allows to mitigate network-based attacks by incorporating an intuitive response selection process that evaluates negative and positive impacts associated with each countermeasure. We compare REASSESS with the response selection models of IE-IRS, ADEPTS, CS-IRS, and TVA and show that REASSESS is able to select the most appropriate response to an attack in consideration of the positive and negative impacts and thus reduces the effects caused by an network-based attack. Further, we show that REASSESS is aligned to the NIST incident life cycle. We expect REASSESS to help organizations to select the most appropriate response measure against a detected network-based attack, and hence contribute to mitigate them.

show abstract

BotTrack: Tracking Botnets Using NetFlow and PageRank

Cited by 87 publications

References 33 publications

Botnet detection using graph-based feature clustering

Botnet detection using graph-based feature clustering

Pattern Extraction Algorithm for NetFlow-Based Botnet Activities Detection

Towards Automated Incident Handling: How to Select an Appropriate Response against a Network-Based Attack?

Contact Info

Product

Resources

About