Architecture for applying data mining and visualization on network flow for botnet traffic detection

ICCTD 2009 - 2009 International Conference on Computer Technology and Development

Volumn 1, Issue , 2009, Pages 33-37

  Shahrestani, Alireza ^a,b   Feily, Maryam ^b   Ahmad, Rodina ^a   Ramadass, Sureswaran ^b  

^a UNIVERSITY OF MALAYA   (Malaysia)

^b SCHOOL OF PHYSICS   (Malaysia)

Author keywords

Botnet; Botnet detection; Data mining; Visualization

Indexed keywords

ANOMALY DETECTION; BOTNET; BOTNET DETECTION; BOTNETS; CATASTROPHIC DAMAGE; CYBER SECURITY; CYBERCRIME; DETECTION SYSTEM; DISTRIBUTED DENIAL OF SERVICE ATTACK; ERROR RATE; FLOW BASED; MALICIOUS TRAFFIC; NETWORK FLOWS; NETWORK INTRUSION DETECTION METHOD; PHISHING; REMOTE COMPUTERS; TRAFFIC DETECTION; TRUST MODELS;

COMPUTER CRIME; ERROR DETECTION; INTRUSION DETECTION; NETWORK SECURITY; PERSONAL COMPUTING; VISUALIZATION;

DATA VISUALIZATION;

EID: 77951130249     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICCTD.2009.82     Document Type: Conference Paper

References (20)

1. T. Ferguson, "Botnets threaten the internet as we know it, " ZDNet Australia, April 2008.
2. M. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "A multifaceted approach to understanding the botnet phenomenon, " in Proc. 6th ACM SIGCOMM Conference on Internet Measurement (IMC'06), 2006, pp. 41-52.
3. N. Ianelli, A. Hackworth, "Botnets as a vehicle for online crime, " CERT Request for Comments (RFC) 1700, December 2005.
4. M. M. Masud, T. Al-khateeb, L. Khan, B. Thuraisingham, and K. W. Hamlen, "Flow-based Identification of Botnet Traffic by Mining Multiple Log Files, " in Proc. International Conference on Distributed Frameworks & Applications (DFMA), Penang, Malaysia, October 21-22, 2008.
5. W. Strayer, D. Lapsley, B. Walsh, and C. Livadas, Botnet Detection Based on Network Behavior ser. Advances in Information Security. Springer, 2008, PP. 1-24.
6. Z. Zhu, G. Lu, Y. Chen, Z. J. Fu, P.Roberts, and K. Han, "Botnet Research Survey, " in Proc. 32nd Annual IEEE International Conference on Computer Software and Applications (COMPSAC '08), 2008, pp.967- 972.
7. K. K. R. Choo, "Zombies and Botnets, " Trends and issues in crime and criminal justice, no. 333, Australian Institute of Criminology, Canberra, March 2007.
8. G. Schaffrath and B. Stiller, Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection LNCS, Springer, 2008, PP. 190-194.
9. H. Weststrate, "Botnet detection using netflow information Finding new botnets based on client connections" in Proc. 10th Twente Student Conference on IT, 2009.
10. The MITRE Corporation, "Data Mining for Network Intrusion Detection: How to Get Started, " [Online]. Available: http://www.mitre.org/work/tech- papers/tech-papers-01/bloedorn-datamining/bloedorn-datamining.pdf. [Accessed: March. 12, 2009].
11. J. Goebel and T. Holz, "Rishi: Identify bot contaminated hosts by irc nickname evaluation, " in Proc. 1st Workshop on Hot Topics in Understanding Botnets, 2007.
12. W. Strayer, D. Lapsley, B. Walsh, and C. Livadas, Botnet Detection Based on Network Behavior, ser. Advances in Information Security. Springer, 2008, PP. 1-24.
13. P. Dokas, L. Ertoz, V. Kumar, A. Lazarevic, J. Srivastava, P. Tan, "Data Mining Methods for Network Intrusion Detection" in Proc. NSF Workshop on Next Generation Data Mining, 2002.
14. E.M. Knorr and R. T. Ng [1998]. "Algorithms for Mining Distance-Based Outliers in Large Datasets", in Proc. 24th Int. Conference on Very Large Databases, 1998, pp. 392-403.
15. S. Ramaswarny, R. Rastogi, and K. Shim. "Efficient Algorithms for Mining Outliers from Large Data Sets", in Proc. ACM Sigmod 2000 Int. Conference on Management of Data, 2001.
16. R. Johnson and P. Kuby, Elementary Statistics, Brooks-Cole, Toronto, Ontario, Canada, 2004.
17. G. Gu, R. Perdisci, J. Zhang, and W. Lee, "Botminer: Clustering analysis of network traffic for protocol- and structure independent botnet detection, " in Proc. 17th USENIX Security Symposium, 2008.
18. C. Skorupka,, J. Tivel, L. Talbot, D. Debarr, W. Hill, E. Bloedorn, and A. Christiansen. "Surf the Flood: Reducing High-Volume Intrusion Detection Data by Automated Record Aggregation, " in Proc. SANS 2001 Technical Conference, 2001.
19. A. Giani, I. G. De Souza, V. Berk, and G. Cybenko, "Attribution and Aggregation of Network Flows for Security Analysis, " White Paper. January 2008.
20. J. E. Clark, C. P. Lee, R. Menon, and V. Rood, "HoneyTrap: Visualization for Monitoring Honeynets, " [Online]. Available: http://idt.gatech.edu/~rmenon/newfolio/files/honeytrap/honeytrap.pdf [Accessed: March. 17, 2009].