Collaborative Framework for Early Detection of RAT-Bots Attacks

Awad, Ahmed A.; Sayed, Samir G.; Salem, Sameh A.

doi:10.1109/access.2019.2919680

Cited by 6 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on literature [14], there are three major methods of botnet detection such as host-based detection, honeynet detection and network-based detection. Recently, machine learning based detection has become the most widely used for detecting botnets methods as proven by previous literature [15], [16], [4], [5]. In addition, the number and complexity of IoT devices is also growing, it has become important to develop effective botnet detection methods.…”

Section: Related Workmentioning

confidence: 99%

“…However, this framework lacks emphasis on earlystage prevention. In contrast, the collaborative framework presented by [16] provides a comprehensive approach to botnet detection, incorporating a two-phase decision-making process involving the Host Agent Detector (HAD) and Network Agent Detector (NAD). HAD captures suspicious behavior using machine learning models, extracting features from network logs.…”

Section: A Botnet Detection Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

Botnet Detection and Incident Response in Security Operation Center (SOC): A Proposed Framework

Muhammad,

Ismail,

Hassan

2024

IJACSA

View full text Add to dashboard Cite

In the dynamic landscape of evolving cyber threats, Security Operations Centers (SOCs) play an important role in protecting digital assets. Among these threats, botnets are particularly challenging due to their ability to take over many devices and launch coordinated attacks. Through comparative analysis, the research gaps in existing frameworks have been identified. Based on these insights, a botnet detection and incident response framework aligned with SOC practices has been proposed. This proposed framework emphasizes proactive measures by integrating threat intelligence, detection and monitoring tools to detect botnet attack and facilitate rapid response. Future research will focus on conducting evaluation and validation studies to assess the effectiveness and performance of the framework in controlled environments. This effort will contribute to develop the framework and ensuring it aligns with practical cybersecurity needs.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: A Botnet Detection Frameworkmentioning

confidence: 99%

Botnet Detection and Incident Response in Security Operation Center (SOC): A Proposed Framework

Muhammad,

Ismail,

Hassan

2024

IJACSA

View full text Add to dashboard Cite

show abstract

“…That latter point is essential, especially regarding mobile malware investigations. A user may unknowingly grant permissions to a malicious app masquerading as a legitimate one, allowing it to secretly access the camera, microphone, keylogger, RAT command, send spam SMS messages, or use WiFi/Bluetooth for further propagation [28,29]. They know what app has permission(s) to help an examiner explain a device's potentially malicious behavior.…”

Section: Potential Threatmentioning

confidence: 99%

Analysis of Anubis Trojan Attack on Android Banking Application Using Mobile Security Labware

Riadi¹,

Sunardi²,

Aprilliansyah³

2023

IJSSE

View full text Add to dashboard Cite

Mobile banking transactions, especially on the Android platform, are now a method often used to carry out payment and shopping activities in e-commerce. Security risks in mobile banking and online banking on the Android platform have security and privacy issues that must be maintained. Kaspersky conducted research on banking Trojans and found 97,661 variants of banking Trojans and 17,372 new variants. Based on this, this investigation was conducted by using mobile security labware to simulate and analyze the Anubis Trojan malware on Android devices. All activities are caused by the Anubis Trojan, which forces users to activate an access service that can read all users' activities and run them in the background. This research can help investigate the types of trojan malware on the Android operating system.

show abstract

“…This system will trigger an alert for the presence of Zeus bot if the three conditions regarding specific folder, network traffic and API hooks are all satisfied. Ahmed A.awad et al [26] introduced a machine learning-based framework for detecting compromised hosts and networks that are infected by the RAT-Bots. This method relies heavily on the host agent because its network agent starts to run until it receives the alarm sent by the host agent.…”

Section: Related Workmentioning

confidence: 99%

PRATD: A Phased Remote Access Trojan Detection Method with Double-Sided Features

et al. 2020

View full text Add to dashboard Cite

Remote Access Trojan (RAT) is one of the most terrible security threats that organizations face today. At present, two major RAT detection methods are host-based and network-based detection methods. To complement one another’s strengths, this article proposes a phased RATs detection method by combining double-side features (PRATD). In PRATD, both host-side and network-side features are combined to build detection models, which is conducive to distinguishing the RATs from benign programs because that the RATs not only generate traffic on the network but also leave traces on the host at run time. Besides, PRATD trains two different detection models for the two runtime states of RATs for improving the True Positive Rate (TPR). The experiments on the network and host records collected from five kinds of benign programs and 20 famous RATs show that PRATD can effectively detect RATs, it can achieve a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for the known RATs, a TPR 81.928% and FPR 0.185% for the unknown RATs, which suggests it is a competitive candidate for RAT detection.

show abstract

Collaborative Framework for Early Detection of RAT-Bots Attacks

Cited by 6 publications

References 29 publications

Botnet Detection and Incident Response in Security Operation Center (SOC): A Proposed Framework

Botnet Detection and Incident Response in Security Operation Center (SOC): A Proposed Framework

Analysis of Anubis Trojan Attack on Android Banking Application Using Mobile Security Labware

PRATD: A Phased Remote Access Trojan Detection Method with Double-Sided Features

Contact Info

Product

Resources

About