P2P Botnet Detection Based on Nodes Correlation by the Mahalanobis Distance

Yang, Zhixian; Wang, Buhong

doi:10.3390/info10050160

Cited by 2 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For statistical approaches, the authors in [44] have used Mahalanobis distance to calculate the correlation between nodes in order to detect botnets. Mahalanobis distance can express correlations among indirectly connected nodes based on their traffic with commonly connected nodes.…”

Section: Related Workmentioning

confidence: 99%

“…Mahalanobis distance can express correlations among indirectly connected nodes based on their traffic with commonly connected nodes. In [44], an iterative algorithm was proposed to get the correlation coefficient between the nodes with a pre-defined threshold of 85% to detect P2P botnets. Authors in [19] have proposed a hybrid distributed solution that combines a quantitative model and distributed threat intelligence.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things

et al. 2021

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things

et al. 2021

View full text Add to dashboard Cite

“…As P2P bots frequently communicate with each other, community detection techniques have proven effective in detecting them [5,27,23]. Statistical approaches have also been used to identify correlations between nodes and thus infer botnet affiliations [26,15].…”

Section: Related Workmentioning

confidence: 99%

LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks

Giaretta

Lekssays

Carminati

et al. 2021

Computer Security – ESORICS 2021

View full text Add to dashboard Cite

IoT devices have been growing exponentially in the last few years. This growth makes them an attractive target for attackers due to their low computational power and limited security features. Attackers use IoT botnets as an instrument to perform DDoS attacks which caused major disruptions of Internet services in the last decade. While many works have tackled the task of detecting botnet attacks, only a few have considered early-stage detection of these botnets during their propagation phase. While previous approaches analyze each network packet individually to predict its maliciousness, we propose a novel deep learning model called LiMNet (Lightweight Memory Network), which uses an internal memory component to capture the behaviour of each IoT device over time. This memory incorporates both packet features and behaviour of the peer devices. With this information, LiMNet achieves almost maximum AUROC classification scores, between 98.8% and 99.7%, with a 14% improvement over state of the art. LiMNet is also lightweight, performing inference almost 8 times faster than previous approaches.

show abstract

P2P Botnet Detection Based on Nodes Correlation by the Mahalanobis Distance

Cited by 2 publications

References 21 publications

PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things

PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things

LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks

Contact Info

Product

Resources

About