Botnet detection based on traffic behavior analysis and flow intervals

Computers and Security

Volumn 39, Issue PARTA, 2013, Pages 2-16

  Zhao, David ^a   Traore, Issa ^a   Sayed, Bassam ^a   Lu, Wei ^b   Saad, Sherif ^a   Ghorbani, Ali ^c   Garant, Dan ^b  

^a UNIVERSITY OF VICTORIA   (Canada)

^b KEENE STATE COLLEGE   (United States)

^c UNIVERSITY OF NEW BRUNSWICK   (Canada)

Author keywords

Botnet; Intrusion detection; Machine learning; Network flows; Traffic behavior analysis

Indexed keywords

BOTNET; BOTNET DETECTIONS; COMPLETE NETWORKS; NETWORK DEVICES; NETWORK FLOWS; NETWORK TRAFFIC; SERVICE AVAILABILITY; TRAFFIC BEHAVIOR;

INTRUSION DETECTION; LEARNING SYSTEMS;

DETECTORS;

EID: 84888288736     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2013.04.007     Document Type: Article

References (32)

1. B. Al-Duwairi, and L. Al-Ebbini BotDigger: a fuzzy inference system for botnet detection Proceedings of the fifth international conference on Internet and applications and services, Barcelona, 9-15 May 2010 2010 16 21
2. M. Feily, A. Shahrestani, and S. Ramadass A survey of botnet and botnet detection Proceedings of the third international conference on emerging security information, systems and technologies 2009 IEEE Computer Society 268 273
3. Z. Gao, G. Lu, and D. Gu A novel P2P traffic identification scheme based on support vector machine fuzzy network Proceedings of 2nd international workshop on knowledge discovery and data mining, Jan. 2009 2009 909 912
4. F. Giroire, J. Chandrashekar, N. Taft, E. Schooler, and D. Papagiannaki Exploiting temporal persistence to detect covert botnet channels Proceedings of the 12th international symposium on recent advances in intrusion detection (RAID'09) 2009 Springer-Verlag 326 345
5. J.B. Grizzard, V. Sharma, C. Nunnery, B. ByungHoon Kang, and D. Dagon Peer-to-peer botnets: overview and case study Proceedings of the first workshop on hot topics in understanding botnet (HotBots'07), Cambridge, MA, April 2007 2007 USENIX Association Berkeley
6. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee BotHunter: detecting malware infection through IDS-driven dialog correlation Proceedings of the 16th USENIX security symposium, Boston, MA, USA 2007 167 182
7. G. Gu, J. Zhang, and W. Lee BotSniffer: detecting botnet command and control channels in network traffic Proceedings of the 15th annual network and distributed system security symposium 2008
8. G. Gu, R. Perdisci, J. Zhang, and W. Lee BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection Proceedings of the 17th USENIX security symposium, San Jose, CA, USA 2008
9. T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freilin Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm Proceedings of the 1st USENIX workshop on large-scale exploits and emergent threats 2008 USENIX Association Berkeley
10. Lawrence Berkeley National Laboratory and ICSI LBNL/ICSI enterprise tracing project. LBNL enterprise trace repository 2005 [Online] http://www.icir.org/enterprise-tracing
11. J. Leonard, S. Xu, and R. Sandhu A framework for understanding botnets Proceedings of international conference on availability, reliability and security 2009 IEEE Computer Society 917 922
12. J. Li, S. Zhang, S. Liu, and Y. Xuan P2P traffic identification technique Proceedings of the international conference on computational intelligence and security, Harbin, China, 15-19 Dec. 2007 2007 37 41
13. C. Livadas, R. Walsh, D. Lapsley, and W.T. Strayer Using machine learning techniques to identify botnet traffic Proceedings of 2nd IEEE LCN workshop on network security 2006 967 974
14. M. Masud, J. Gao, L. Khan, J. Han, and B. Thuraisingham Mining concept-drifting data stream to detect peer-to-peer botnet traffic 2008 Univ. of Texas at Dallas Tech Report UTDCS-05-08 http://www.utdallas.edu/mmm058000/ reports/UTDCS-05-08.pdf
15. J. Nazario BlackEnergy DDoS bot analysis Technical Report October 2007 Arbor Networks 11 Available at http://atlas-public.ec2.arbor.net/docs/ BlackEnergy+DDoS+Bot+Analysis.pdf
16. openpacket.org. Zeus/Zbot sample traffic and C& C traffic. Retrieved October 29, 2012, from www.openpacket.org.
17. M.A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis A multifaceted approach to understanding the botnet phenomenon Proceedings of the 6th ACM SIGCOMM conference on Internet measurement 2006 ACM New York
18. S. Saad, I. Traore, A. Ghorbani, B. Sayed, D. Zhao, and W. Lu Detecting P2P botnets through network behavior analysis and machine learning Proceedings of 9th annual conference on privacy, security and trust (PST2011), July 19-21, 2011, Montreal, Canada 2011
19. A. Shiravi, H. Shiravi, M. Tavallaee, and A. Ghorbani Toward developing a systematic approach to generate benchmark datasets for intrusion detection Computers & Security, Elsevier 31 3 2012 357 374
20. G. Sinclair, C. Nunnery, and B.B. Kang The Waledac protocol: the how and why Proceeding of 4th IEEE international conference on malicious and unwanted software 2009 69 77
21. Roesch M. Snort Lightweight intrusion detection for networks Proceedings of the 13th USENIX conference on system administration 1999 229 238
22. A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller An overview of IP flow-based intrusion detection IEEE Communications Surveys & Tutorial 12 3 2010 343 356
23. A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller An overview of IP flow-based intrusion detection IEEE Communications Surveys & Tutorial 12 3 2010 343 356 (Pubitemid 351702280)
24. The Honeynet Project. French Chapter [Online] http://www.honeynet.org/ chapters/france.
25. R. Villamarn-Salomn, and J.C. Brustoloni Bayesian bot detection based on DNS traffic similarity Proceedings of the 2009 ACM symposium on applied computing, Honolulu, Hawaii 2009 2035 2041
26. P. Wang, S. Sparks, and C.C. Zou An advanced hybrid peer-to-peer botnet Proceedings of the first workshop on hot topics in understanding botnets 2007 USENIX Association Berkeley, CA, USA
27. B. Wang, Z. Li, H. Tu, and J. MaWang Measuring peer-to-peer botnets using control flow stability Proceedings of the fourth international conference on availability, reliability and security, March 16-19, 2009, Fukuoka, Japan 2009 663 669
28. I.H. Witten, E. Frank, L. Trigg, M. Hall, G. Holmes, and S.J. Cunningham Weka: practical machine learning tools and techniques (Working paper 99/11) 1999 University of Waikato, Department of Computer Science Hamilton, New Zealand
29. P. Wurzinger, L. Bilge, T. Holz, J. Goebel, C. Kruegel, and E. Kirda Automatically generating models for botnet detection Proceedings of the 14th European conference on research in computer security (ESORICS 2009) Lecture Notes in Computer Science vol. 5789 2009 Springer Verlag 232 249
30. X. Yu, X. Dong, G. Yu, Y. Qin, D. Yue, and Y. Zhao Online botnet detection based on incremental discrete Fourier transform Journal of Networks 5 5 2010
31. H.R. Zeidanloo, and S. Rouhani Botnet detection by monitoring common network behaviors March 2012 Lambert Academic Publishing 9783848404759
32. D. Zhao, I. Traore, A. Ghorbani, B. Sayed, S. Saad, and W. Lu Peer-to-peer botnet detection based on flow intervals Proceedings of IFIP international information security and privacy conference (SEC 2012), 4-6 June 2012, Crete, Greece 2012