Peer to peer botnet detection based on flow intervals

IFIP Advances in Information and Communication Technology

Volumn 376 AICT, Issue , 2012, Pages 87-102

  Zhao, David ^a   Traore, Issa ^a   Ghorbani, Ali ^b   Sayed, Bassam ^a   Saad, Sherif ^a   Lu, Wei ^c  

^a UNIVERSITY OF VICTORIA   (Canada)

^b UNIVERSITY OF NEW BRUNSWICK   (Canada)

^c KEENE STATE COLLEGE   (United States)

Author keywords

Botnet; Network Flows; Network Intrusion Detection; Traffic Behavior Analysis

Indexed keywords

DENIAL-OF-SERVICE ATTACK; INTRUSION DETECTION; LEARNING SYSTEMS; NETWORK SECURITY;

BOTNET DETECTIONS; CLASSIFICATION TECHNIQUE; COMPLETE NETWORKS; MACHINE LEARNING CLASSIFICATION; NETWORK FLOWS; NETWORK INTRUSION DETECTION; SELECTION OF ATTRIBUTES; TRAFFIC BEHAVIOR;

BOTNET;

EID: 84863885019     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-30436-1_8     Document Type: Conference Paper

References (21)

1. Abu, R.M., et al.: A Multifaceted Approach to Understanding the Botnet Phenomenon. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement. ACM, New York (2006) ISBN:1-59593-561-4
2. Grizzard, J.B., et al.: Peer-to-Peer Botnets: Overview and Case Study. In: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, Berkeley (2007)
3. Holz, T., et al.: Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm. In: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats. USENIX Association, Berkeley (2008)
4. Faily, M., Shahrestani, A., Ramadass, S.: A Survey of Botnet and Botnet Detection. In: Third International Conference on Emerging Security Information, Systems and Technologies (2009)
5. Leonard, J., Shouhuai, X., Sandhu, R.: A Framework for Understanding Botnets. In: International Workshop on Advances in Information Security. Fukuoka Institute of Technology, Fukuoka (2009)
6. Sperotto, A., et al.: An Overview of IP Flow-Based Intrusion Detection. IEEE Communications Surveys & Tutorial 12(3) (2010)
7. Gu, G., et al.: BotHunter: Deteting Malware Infection Through IDS-Driven Dialog Correlation. In: Proceedings of the 16th USENIX Security Symposium, pp. 167-182 (2007)
8. Gu, G., et al.: BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the 17th Conference on Security Symposium, San Jose (2008)
9. Yu, X., et al.: Online Botnet Detection Based on Incremental Discrete Fourier Transform. Journal of Networks 5(5) (2010)
10. Livadas, C., et al.: Using Machine Learning Techniques to Identify Botnet Traffic. In: 2nd IEEE LCN Workshop on Network Security, pp. 967-974 (2006)
11. Wang, B., et al.: Measuring Peer-to-Peer Botnets Using Control Flow Stability. In: International Conference on Availability, Reliability and Security, Fukuoka, p. 663 (2009), 978-1-4244-3572-2
12. Al-Duwairi, B., Al-Ebbini, L.: BotDigger: A Fuzzy Inference System for Botnet Detection. In: The Fifth International Conference on Internet and Applications and Services, Barcelona (2010)
13. Gu, G., Zhang, J., Lee, W.: BotSniffer: Detecting botnet command and control channels in network traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008)
14. Ricardo, V.-S., José, B.C.: Bayesian Bot Detection Based on DNS Traffic Similarity. In: Proceedings of the 2009 ACM Symposium on Applied Computing, pp. 2035-2041. ACM, Honolulu (2009), 978-1-60558-166-8
15. Jun, L., et al.: P2P Traffic Identification Technique. In: International Conference on Computational Intelligence and Security, Harbin, pp. 37-41 (2007), 0-7695-3072-9
16. Sinclair, G., Nunnery, C., Kang, B.B.: The Waledac Protocol: The How and Why. In: Proceeding of 4th IEEE International Conference on Malicious and Unwanted Software (2009)
17. The Honeynet Project, French Chapter | The Honeynet Project. The Honeynet Project, http://www.honeynet.org/chapters/france
18. Szabó, G., Orincsay, D., Malomsoky, S., Szabó, I.: On the Validation of Traffic Classification Algorithms. In: Claypool, M., Uhlig, S. (eds.) PAM 2008. LNCS, vol. 4979, pp. 72-81. Springer, Heidelberg (2008)
19. Lawrence Berkeley National Laboratory and ICSI., LBNL/ICSI Enterprise Tracing Project. LBNL Enterprise Trace Repository (2005), http://www.icir.org/ enterprise-tracing
20. Witten, I.H., et al.: Weka: Practical Machine Learning Tools and Techniques (1999)
21. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of USENIX LISA 1999 (1999)