A collaborative approach to botnet protection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7465 LNCS, Issue , 2012, Pages 624-638

  Stevanovic, Matija ^a   Revsbech, Kasper ^a   Pedersen, Jens Myrup ^a   Sharp, Robin ^b   Jensen, Christian Damsgaard ^b  

^a AALBORG UNIVERSITY   (Denmark)

^b TECHNICAL UNIVERSITY OF DENMARK   (Denmark)

Author keywords

Botnet Detection; Botnets; Collaborative Framework; Correlation Analysis

Indexed keywords

ANTIVIRUS SOFTWARES; APPLICATION PROGRAMS; BOTNETS; COLLABORATIVE APPROACH; COLLABORATIVE FRAMEWORK; CORRELATION ANALYSIS; CURRENT TRENDS; DETECTION APPROACH; DETECTION FRAMEWORK; DETECTION TECHNIQUE; INTERNET-BASED SERVICES; MALICIOUS SOFTWARE; NETWORK TRAFFIC; NEUTRALISATION; PUBLIC ADMINISTRATION; SUB-SYSTEMS;

HEALTH CARE;

INTERNET;

EID: 84865661798     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-32498-7_47     Document Type: Conference Paper

References (37)

1. Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: Proceedings of the 19th USENIX Security Symposium (Security 2010). USENIX Association (August 2010)
2. Choi, H., Lee, H.: Identifying botnets by capturing group activities in DNS traffic. Journal of Computer Networks 56, 20-33 (2011)
3. Cuppens, F., Miège, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 202-215 (May 2002)
4. Flaglien, A., Franke, K., Årnes, A.: Identifying malware using cross-evidence correlation. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics VII. IFIP ACIT, ch.13, vol. 361, pp. 169-182. Springer, Boston (2011)
5. Goebel, J., Holz, T.: Rishi: Identifying bot-contaminated hosts by IRC nickname evaluation. In: HotBots 2007: Proceedings of the First USENIXWorkshop on Hot Topics in Understanding Botnets, Cambridge, Mass. USENIX Association (June 2007)
6. Grizzard, J.B., Sharma, V., Nunnery, C., Kang, B.B., Dagon, D.: Peer-to-peer botnets; Overview and case study. In: HotBots 2007: Proceedings of the First USENIXWorkshop on Hot Topics in Understanding Botnets, Cambridge, Mass. USENIX Association (June 2007)
7. Gu, G., Zhang, J., Lee, W.: BotSniffer: Detecting botnet command and control channels in network traffic. In: NDSS 2008: Proceedings of the 15th Annual Network and Distributed System Security Symposium, San Diego. Internet Society (February 2008)
8. Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the 17th Conference on Security Symposium, pp. 139-154 (2008)
9. Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting malware infection through IDS-driven dialog correlation. In: Proceedings of the 16th USENIX Security Symposium, San Jose, California, pp. 167-182. USENIX Association (July 2007)
10. Hogben, G. (ed.): Botnets: Detection, measurement, disinfection and defence. Tech. rep., ENISA (2011)
11. Jensen, C., Korsgaard, T.: Dynamics of trust evolution: Auto-configuration of disposiional trust dynamics. In: Proceedings of the International Conference on Security and Cryptography (SECRYPT 2008), Porto, Portugal, pp. 509-517 (July 2008)
12. Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-scale botnet detection and characterization. In: HotBots 2007: Proceedings of the First USENIXWorkshop on Hot Topics in Understanding Botnets, Cambridge, Mass. USENIX Association (June 2007)
13. Lu, W., Rammidi, G., Ghorbani, A.A.: Clustering botnet communication traffic based on n-gram feature selection. Computer Communications 34, 502-514 (2011)
14. Marsh, S.: Formalizing Trust as a Computational Concept, PhD thesis, University of Stirling, Dept. of Computer Science and Mathematics (1994)
15. Masud, M.M., Al-Khateeb, T., Khan, L., Turaisingham, B., Hamlen, K.W.: Flow-based identification of botnet traffic by mining multiple log file. In: Proceedings of the International Conference on Distributed Frameworks and Applications (DFMA), Penang, Malaysia (2008)
16. Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: Proceedings of CCS 2002, pp. 245-254. ACM (November 2002)
17. Oliner, A.J., Kulkarni, A.V., Aiken, A.: Community Epidemic Detection Using Time-Correlated Anomalies. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 360-381. Springer, Heidelberg (2010)
18. Porras, P., Saidi, H., Yegneswaran, V.: A multi-perspective analysis of the Storm (peacomm) worm. Tech. rep., SRI International (2007), http://www.cyber-ta.org/pubs/StormWorm/report
19. Porras, P., Saidi, H., Yegneswaran, V.: Conficker C analysis. Tech. rep., SRI International (2009), http://mtc.sri.com/Conficker/addendumC/index.html
20. Ramachandran, A., Feamster, N., Dagon, D.: Revealing botnet membership using DNSBL counter-intelligence. In: SRUTI 2006: Proceedings of the 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet, San Jose, California, pp. 49-54. USENIX Association (June 2006)
21. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of Usenix LISA 1999. USENIX Association (1999)
22. Saad, S., Traore, I., Ghorbani, A., Sayed, B., Zhao, D., Lu, W., Felix, J., Hakimian, P.: Detecting P2P botnets through network behavior analysis and machine learning. In: 2011 Ninth Annual International Conference on Privacy, Security and Trust,Montreal. IEEE (July 2011)
23. Setia, S., Roy, S., Jajodia, S.: Secure data aggregation in wireless sensor networks. In: Lopez, Zhou (eds.) Wireless Sensor Networks Security (2008)
24. Shin, S., Xu, Z., Gu, G.: EFFORT: Efficient and effective bot malware detection. In: Proceedings of 31st Annual IEEE Conference on Computer Communications (INFOCOM 2012), Orlando, Florida. IEEE (March 2012)
25. Sinclair, G., Nunnery, C., Kang, B.B.: TheWaledac protocol: The how and why. In: Proceedings of International Conference on Malicious and Unwanted Software, MALWARE (2009)
26. Stinson, E., Mitchell, J.C.: Characterizing bots' remote control behavior. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection, Advances in Information Security, vol. 36, pp. 45-64. Springer (2008)
27. Strayer, W.T., Lapsely, D., Walsh, R., Livadas, C.: Botnet detection based on network behaviour. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection, Advances in Information Security, vol. 36, pp. 1-24. Springer (2008)
28. Symantec Inc.: Symantec global internet security threat report, trends for 2010. Security Report XVI, Symantec Inc. (April 2011)
29. Symantec Inc.: Counterclank bot. Tech. rep., Symantec Inc. (2012), http://www.symantec.com/security-response/writeup.jsp?docid=2012-012709-4046-99
30. Villamarin-Salomon, R., Brustoloni, J.C.: Identifying botnets using anomaly detection techniques applied to DNS traffic. In: Proceedings of 5th IEEE Consumer Communications and Networking Conference (CCNC 2008), pp. 476-481 (2008)
31. Wang, H., Gong, Z.: Collaboration-based botnet detection architecture. In: Proceedings of 2nd International Conference on Intelligent Computational Technology and Automation, Zhangjiajie, China (2009)
32. Wang, H., Hou, J., Gong, Z.: Botnet detection architecture based on heterogeneous multi-sensor information fusion. Journal of Networks 6(12), 1655-1661 (2011)
33. Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. In: HotBots 2007: Proceedings of the First USENIXWorkshop on Hot Topics in Understanding Botnets, Cambridge, Mass. USENIX Association (June 2007)
34. Weng, J., Miao, C., Goh, A.: Improving collaborative filtering with trust-based metrics. In: Proceedings of ACMSymposium on Applied Computing (SAC), pp. 1860-1864. ACM, New York (2006)
35. Zeng, Y., Hu, X., Shin, K.G.: Detection of botnets using combined host- and network-level information. In: Proceedings of 40th International Conference on Dependable Systems and Networks, DSN (2010)
36. Zhang, J., Perdisci, R., Lee, W., Sarfraz, U., Luo, X.: Detecting stealthy P2P botnets using statistical traffic fingerprints. In: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks (DSN), Hong Kong, pp. 121-132. IEEE/IFIP (June 2011)
37. Zhang, Y., Meratnia, N., Havinga, P.: Outlier detection techniques for wireless sensor networks: A survey. In: IEEE Communications Surveys and Tutorials (2010)