Detection of Bot Infected PCs Using Destination-Based IP and Domain Whitelists During a Non-Operating Term

Takemori, Keisuke; Nishigaki, Masakatsu; Takami, Tomohiro; Miyake, Yutaka

doi:10.1109/glocom.2008.ecp.399

Cited by 7 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [53], Takemori et al presented a system which monitors outbound packets from a host and compares with destinationbased whitelists. The whitelists are generated by observing an un-infected PC.…”

Section: ) Host-based Detectionmentioning

confidence: 99%

A Survey on Botnet Command and Control Traffic Detection

Ghafir¹,

Svoboda²,

Přenosil³

2015

Third International Conference on Advances in Computing, Communication and Information Technology- CCIT 2015

View full text Add to dashboard Cite

Internet users have been attacked by widespread email viruses earlier, but now scenario has been changed. Now attackers are no more interested to just attract media attention by infecting a large number of computers on the network; in fact, their interest has been shifted to compromising and controlling the infected computers for their personal profits. This new attack trend brings the concept of botnets over the global network of computers. With the high reported infection rates, the vast range of illegal activities and powerful comebacks, botnets are one of the main threats against the cyber security. This paper provides the readers with a background on botnet life-cycle, architecture and malicious activities. It also classifies botnet detection techniques, reviews the recent research works on botnet traffic detection and finally indicates some challenges posed to future work on botnet detection.

show abstract

Section: ) Host-based Detectionmentioning

confidence: 99%

A Survey on Botnet Command and Control Traffic Detection

Ghafir¹,

Svoboda²,

Přenosil³

2015

Third International Conference on Advances in Computing, Communication and Information Technology- CCIT 2015

View full text Add to dashboard Cite

show abstract

“…So proposed method of bandwidth assignment can work on both conditions when unintentionally DDoS type attack occur, when some server suddenly become popular and unexpected high number of users start browsing and using service of that servers or attacker intentionally attack on victim server by using its genuine IP, because if he/she use any fake IP or other fake identity method he/she will surely got caught cause in these days a number of methods are in use to prevent such type of DDoS attack as Wang H., Jin C., Shin K.G. [14] and Takemori Keisuke, Nishigaki Masakatsu [10] and Wang Shen, Guo Rui [23] suggests some methods.…”

Section: Bmentioning

confidence: 99%

A Dynamic Bandwidth Assignment Approach Under DDoS Flood Attack

Singh¹,

Verma²

2012

JAIT

View full text Add to dashboard Cite

Distributed denial-of-service (DDoS) attacks are a major threat to the Internet. A lot of research is going on to detect, prevent and trace back DDoS attacks. Most of researchers are busy in post attack forensics which comes after the attack has been occurred but nobody is talking about how to design a system which can tolerate such attacks. In this paper we have suggested a approach for dynamic assignment of bandwidth in order to sustain the server. Basic idea is to examine genuine IP user’s traffic flow based on volume. Divide traffic in two categories of genuine traffic and malicious traffic and assign bandwidth as per category. The idea is to design a system which can give services even when the server is under attack. However some performance will degrades but overall Quality of services will be acceptable. A new formula also has been derived for dynamic bandwidth assignment which is based on number of genuine users and traffic volumes of users and attackers.

show abstract