2010
DOI: 10.1016/j.cose.2009.07.007

On the detection and identification of botnets

Abstract: We develop and discuss automated and self-adaptive systems for detecting and classifying botnets based on machine learning techniques and integration of human expertise. The proposed concept is purely passive and is based on analyzing information collected at three levels: (i) the payload of single packets received, (ii) observed access patterns to the darknet at the level of network traffic, and (iii) observed contents of TCP/IP traffic at the protocol level. We illustrate experiments based on real-life data c…

Cited by 22 publications
(15 citation statements)
References 12 publications
“…While the solutions in (Valeur, Vigna, Kruegel, & Kemmerer, 2004) have been initial honeynet-based solutions, many papers discussed detecting and tracking botnets for different honeynet configurations. The second approach, based on passive network monitoring and analysis, can be classified as signature-based, DNS-based, anomaly-based and mining-based (Feily et al, 2009; Seewald & Gangsterer, 2010). These two approaches and sub classifications are detailed below.…”
Section: Botnet Detection (mentioning)
confidence: 99%
“…According to the US FBI and public trackers, at least a million bots are known to exist like ShadowServer and the true number is likely to be much higher. The number of bots is also still growing at an exponential rate (Seewald & Gangsterer, 2010).…”
Section: Introduction (mentioning)
confidence: 99%
“…A vast majority of spams today spread out from networks comprised of hijacked computers that are called bots or zombies and are controlled by spam operators [11,12]. Another widespread method that spammers use to hide their identities is to use open proxies [13].…”
Section: Behavior Of Spammers (mentioning)
confidence: 99%
“…Botnet is a collection of software robots, or in short termed 'bots', that run autonomously and automatically. The term botnet [3,4] can also be used to refer to any group of bots, such as IRC bots (Internet Relay Chat bots). In general, botnet refers to a collection of compromised computers, or Zombie computers that receive instructions from command and control (C&C) servers.…”
Section: Introduction (mentioning)
confidence: 99%