Containment of network worms via per-process rate-limiting

Zeng, Yuanyuan; Hu, Xin; Wang, Haixiong; Shin, Kang G.; Bose, Abhijit

doi:10.1145/1460877.1460895

Cited by 2 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As demonstrated Zeng et al in [12], proposed an individual host-level preservation system. Each hostspecific containment system includes two elements: i) behaviour analysis component and ii) containment model.…”

Section: Botnet Detection At the Host Sidementioning

confidence: 94%

Behaviour based botnet detection with traffic analysis and flow intervals at the host level

Padhiar

Patel

2023

IJEECS

View full text Add to dashboard Cite

A botnet is one of the most dangerous forms of security issues. It infects unsecured computers and transmit malicious commands. By using botnet, the attacker can launch a variety of attacks, such as distributed denial of service (DDoS), data theft, and phishing. The botnet may contain a lot of infected hosts and its size is usually large. In this paper, we addressed the problem of botnet detection based on network’s flows records and activities in the host. We proposed a host-based approach that detects a host, that has been compromised by observing the flow of in-out bound traffic. To prove the existence of command and control communication, we examine host network flow. Once the bot process has been identified in the host being monitored, this knowledge allows blocking any in/out traffic with the bot’s server. In addition to providing information about the compromised machine’s IP address and how it communicates with servers, the log file is generated, which can provide data about the command and control (C&C) servers. Most existing work on detecting botnet is based on flow-based traffic analysis by mining their communication patterns. Our work distinguishes itself from other methods of bot detection from its ability to use real-time host-related data for detection.

show abstract

Section: Botnet Detection At the Host Sidementioning

confidence: 94%

Behaviour based botnet detection with traffic analysis and flow intervals at the host level

Padhiar

Patel

2023

IJEECS

View full text Add to dashboard Cite

show abstract

“…In [12], Zeng et al proposed a per-process level containment technique for each host in the monitored network. e per-process containment consists of two components: behavior analysis component and containment model.…”

Section: Botnet Detection At the Host Sidementioning

confidence: 99%

“…However, our proposed solution, which is hybrid solution based on network and host analysis, outperforms existing solutions in terms of accuracy rate and false positive rate. e works in [9,12] utilize the effectiveness of host level analysis for more accurate results. ese approaches, as our approach, monitored registry and file system in each host.…”

Section: Comparisonmentioning

confidence: 99%

Hybrid Botnet Detection Based on Host and Network Analysis

Almutairi¹,

Mahfoudh

Almutairi³

et al. 2020

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

Botnet is one of the most dangerous cyber-security issues. The botnet infects unprotected machines and keeps track of the communication with the command and control server to send and receive malicious commands. The attacker uses botnet to initiate dangerous attacks such as DDoS, fishing, data stealing, and spamming. The size of the botnet is usually very large, and millions of infected hosts may belong to it. In this paper, we addressed the problem of botnet detection based on network’s flows records and activities in the host. Thus, we propose a general technique capable of detecting new botnets in early phase. Our technique is implemented in both sides: host side and network side. The botnet communication traffic we are interested in includes HTTP, P2P, IRC, and DNS using IP fluxing. HANABot algorithm is proposed to preprocess and extract features to distinguish the botnet behavior from the legitimate behavior. We evaluate our solution using a collection of real datasets (malicious and legitimate). Our experiment shows a high level of accuracy and a low false positive rate. Furthermore, a comparison between some existing approaches was given, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within Netflow traces.

show abstract

Containment of network worms via per-process rate-limiting

Cited by 2 publications

References 18 publications

Behaviour based botnet detection with traffic analysis and flow intervals at the host level

Behaviour based botnet detection with traffic analysis and flow intervals at the host level

Hybrid Botnet Detection Based on Host and Network Analysis

Contact Info

Product

Resources

About