Heuristics for Detecting Botnet Coordinated Attacks

Kazuya, Kuwabara; Kikuchi, Hiroaki; Terada, Masato; Fujiwara, Masashi

doi:10.1109/ares.2010.68

Cited by 8 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The botnet has a feature that coordinated attacks of multiple servers making a victim infected by a set of malwares [7]. For example, Table IV shows sequential infections observed the Cyber Clean Center (CCC) DATAset 2009, the captured packets data by 94 honeypots [5] in which a host is infected by three malwares, PE_VIRUT.AV, TROJ_BUZUS.AGB and WORM_SWTYMLAI.CD as scheduled in the same way.…”

Section: A Definitionmentioning

confidence: 99%

Apriori-PrefixSpan Hybrid Approach for Automated Detection of Botnet Coordinated Attacks

Ohrui

Kikuchi

Terada

et al. 2011

2011 14th International Conference on Network-Based Information Systems

Self Cite

View full text Add to dashboard Cite

This paper aims to detect features of coordinated attacks by applying data mining techniques, Apriori and PrefixSpan, to the CCC DATAset 2008-2010 which consists of the captured packets data and the downloading logs. Data mining algorithms allow us to automate detecting characteristics from large amount of data, which the conventional heuristics could not apply. Apriori achives high recall but with false positive, while PrefixSpan has high precision but low recall. Hence, we propose hybriding these algorithms. Our analysis shows the change in behavior of malware over the past 3 years.

show abstract

Section: A Definitionmentioning

confidence: 99%

Apriori-PrefixSpan Hybrid Approach for Automated Detection of Botnet Coordinated Attacks

Ohrui

Kikuchi

Terada

et al. 2011

2011 14th International Conference on Network-Based Information Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Botnets are detected using different characteristics of the network traffic, for example, using networks statistics , communication protocols , suspicious traffic behavior , graphical representations of behaviors , actions in honeypots , behavioral features , collaborative feedback in large networks and malicious actions . However, botnets evolve and thus make obsolete most detection methods.…”

Section: Introductionmentioning

confidence: 99%

Survey on network‐based botnet detection methods

García

Zunino

Campo

2013

Security Comm Networks

View full text Add to dashboard Cite

Botnets are an important security problem on the Internet. They continuously evolve their structure, protocols and attacks. This survey analyzes and compares the most important efforts carried out in a network‐based detection area. It accomplishes four tasks: first, the comparison of previous surveys and the proposal of four new dimensions to analyze their classification schemes; second, a new classification and comparison of network‐based botnet detection proposals, which includes the definition of 20 desired properties of every botnet detection paper; third, an extensive comparison between the most representative detection proposals; and fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

“…Heuristic techniques for the detection of malware involved in botnet coordinated attacks [15] provide useful information for determining the characteristics of and relationships between botnet attacks. However, heuristic approaches are ad hoc and therefore unable to adapt to any new attack.…”

Section: Related Workmentioning

confidence: 99%

Analysis on the Sequential Behavior of Malware Attacks

Rosyid

Ohrui

Kikuchi

et al. 2011

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

SUMMARYOvercoming the highly organized and coordinated malware threats by botnets on the Internet is becoming increasingly difficult. A honeypot is a powerful tool for observing and catching malware and virulent activity in Internet traffic. Because botnets use systematic attack methods, the sequences of malware downloaded by honeypots have particular forms of coordinated pattern. This paper aims to discover new frequent sequential attack patterns in malware automatically. One problem is the difficulty in identifying particular patterns from full yearlong logs because the dataset is too large for individual investigations. This paper proposes the use of a data-mining algorithm to overcome this problem. We implement the PrefixSpan algorithm to analyze malware-attack logs and then show some experimental results. Analysis of these results indicates that botnet attacks can be characterized either by the download times or by the source addresses of the bots. Finally, we use entropy analysis to reveal how frequent sequential patterns are involved in coordinated attacks.

show abstract

Heuristics for Detecting Botnet Coordinated Attacks

Cited by 8 publications

References 7 publications

Apriori-PrefixSpan Hybrid Approach for Automated Detection of Botnet Coordinated Attacks

Apriori-PrefixSpan Hybrid Approach for Automated Detection of Botnet Coordinated Attacks

Survey on network‐based botnet detection methods

Analysis on the Sequential Behavior of Malware Attacks

Contact Info

Product

Resources

About