Packet sampling for worm and botnet detection in TCP connections

Braun, Lothar; Münz, Gerhard; Carle, Georg

doi:10.1109/noms.2010.5488473

Cited by 12 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After analyzing real worms and botnet traffic with Snort, Braun et al [153] concluded that the majority of the signatures of such attacks can be found by checking the first few kilobytes of payload during TCP connections. They employed two timeout Bloom filters that are composed of timestamps instead of bits to respectively store the start and end time of a connection.…”

Section: Knowledge-based Methods Against Worm Attacksmentioning

confidence: 99%

Security Data Collection and Data Analytics in the Internet: A Survey

Jing

Yan

Pedrycz

2019

IEEE Commun. Surv. Tutorials

101

View full text Add to dashboard Cite

Section: Knowledge-based Methods Against Worm Attacksmentioning

confidence: 99%

Security Data Collection and Data Analytics in the Internet: A Survey

Jing

Yan

Pedrycz

2019

IEEE Commun. Surv. Tutorials

101

View full text Add to dashboard Cite

“…Hence, UDP traffic was excluded from further analysis and the training phase focused on TCP traffic only. This was plausible as botnets involve a series of communications between the bot master and the mobile botnets that is based on TCP traffic [6]. Following the packets and stream labeling, the features used for training were: Packets/Stream Frame Duration, Packets/Stream Packet Size, and Arguments Number in HTTP Request URL.…”

Section: Dataset Generationmentioning

confidence: 99%

MBotCS: A Mobile Botnet Detection System Based on Machine Learning

Meng

Spanoudakis

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract. As the use of mobile devices spreads dramatically, hackers have started making use of mobile botnets to steal user information or perform other malicious attacks. To address this problem, in this paper we propose a mobile botnet detection system, called MBotCS. MBotCS can detect mobile device traffic indicative of the presence of a mobile botnet based on prior training using machine learning techniques. Our approach has been evaluated using real mobile device traffic captured from Android mobile devices, running normal apps and mobile botnets. In the evaluation, we investigated the use of 5 machine learning classifier algorithms and a group of machine learning box algorithms with different validation schemes. We have also evaluated the effect of our approach with respect to its effect on the overall performance and battery consumption of mobile devices. Permanent repository link

show abstract

“…In general, an attacker conducts the bots to launch a variety of types of attacks such as phishing and spamming with a botn et, and then receives benefits from a variety of aspects such as economy and social security. Most of methods to detect bot's activities according to predefined patterns and signatures retrieved from well-known bots 3,4,5,6,7,8 . Although signature-based approaches are able to detect bots accurately, it is difficult to detect botnet in real time.…”

Section: Introductionmentioning

confidence: 99%

Fast Parallel Network Packet Filter System based on CUDA

Hung

Guo²

2014

IJNDC

View full text Add to dashboard Cite

In recent years, with the rapid development of the network hardware and software, the network speed is enhanced to multi-gigabit. Network packet filtering is an important strategy of network security to avoid malicious attacks, and it is a computation-consuming application. Therefore, we develop two efficient GPGPU-based parallel packet classification approaches to filter packets by leveraging thousands of threads. The experiment results demonstrate that the computational efficiency of filtering packet can be significantly enhanced by using GPGPU.

show abstract

Packet sampling for worm and botnet detection in TCP connections

Cited by 12 publications

References 22 publications

Security Data Collection and Data Analytics in the Internet: A Survey

Security Data Collection and Data Analytics in the Internet: A Survey

MBotCS: A Mobile Botnet Detection System Based on Machine Learning

Fast Parallel Network Packet Filter System based on CUDA

Contact Info

Product

Resources

About