Entelecheia: Detecting P2P botnets in their waiting stage

2013 IFIP Networking Conference, IFIP Networking 2013

Volumn , Issue , 2013, Pages

  Hang, Huy ^a   Wei, Xuetao ^a   Faloutsos, Michalis ^a   Eliassi Rad, Tina ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b RUTGERS UNIVERSITY   (United States)

Author keywords

anomaly detection; botnet; community; graph mining; security

Indexed keywords

ANOMALY DETECTION; BOTNET; COMMUNITY; GRAPH-MINING; SECURITY;

EXPERIMENTS; GRAPHIC METHODS;

FLOW GRAPHS;

EID: 84890840695     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (27)

1. Argus: Auditing network activity. http://www.qosient.com/argus/.
2. Mawi traffic archive. http://mawi.wide.ad.jp/mawi/samplepoint-B/20060303/ .
3. BINKLEY, J. R., AND SINGH, S. An algorithm for anomaly-based botnet detection. In Proc. of USENIX SRUTl (July 2006).
4. BLONDEL, v., GUILLAUME, J., LAMBIOTTE, R., AND LEFEBVRE, E. Fast unfolding of communities in large networks. Journal of Statistical Mechanics: Theory and Experiment (2008).
5. COSKUN, B ., DIETRICH, S., AND MEMON, N. Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts. In Proc. of ACSAC 2010, ACM, pp. 131-140.
6. FORTUNATO, S. Community detection in graphs. Physics Reports 486, 3 (2010).
7. Gu, G., PERDISCI, R., ZHANG, J., AND LEE, W. Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection. In Proc. of Usenix Security 2008, USENIX Association, pp. 139-154.
8. Gu, G., PORRAS, P., YEGNESWARAN, V., FONG, M., AND LEE, W. Bothunter: Detecting mal ware infection through ids-driven dialog correlation. In Proc. of 16th USENIX Security Symposium (2007), USENIX Association, p. 12.
9. HOLZ, T., STEINER, M., DAHL, F., BIERSACK, E., AND FREILlNG, F. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In Proc. of LEET 2008.
10. HUSSAIN, A., HEIDEMANN, J., AND PAPADOPOULOS, C. A framework for classifying denial of service attacks. In Proc. of SIGCOMM (August 2003).
11. ILiOFOTOU, M., GALLAGHER, B ., ELiASSI-RAD, T., G., X., AND M., F. Profiling-by-association: A resilient traffic profiling solution for the internet backbone. In Proc. of ACM CoNEXT (Dec. 2010).
12. ILiOFOTOU, M., KIM, H., FALOUTSOS, M., MITZENMACHER, M., PAPPU, P., AND VARGHESE, G. Graption: A graph-based p2p traffic classification framework for the internet backbone. Computer Networks (2011).
13. ILiOFOTOU, M., PAPPU, P., FALOUTSOS, M., MITZENMACHER, M., SINGH, S., AND VARGHESE, G. Network Monitoring using Traffic Dispersion Graphs. In Proc. of IMC (2007).
14. JIN, Y., SHARAFUDDIN, E., AND ZHANG, Z. Unveiling core networkwide communication patterns through application traffic activity graph decomposition. In Proc. of SIGMETRICS 2009 (2009), ACM, pp. 49-60.
15. JOHN, J. P., MOSHCHUK, A., GRIBBLE, S. D ., AND KRISHNAMURTHY, A. Studying spamming botnets using botlab. In Proc. of NSDI 2008.
16. Lt, Z., GOYAL, A., CHEN, Y., AND PAXSON, V. Towards situational awareness of large-scale botnet probing events. In IEEE Transactions on Information Forensics & Security (March 2011).
17. LtvADAS, C., WALSH, R., LAPSLEY, D ., AND STRAYER, W. T. Using machine learning techniques to identify botnet traffic. In Proc. of WoNS (2006).
18. NAGARAJA, S., MITTAL, P., HONG, c., CAESAR, M., AND BORISOV, N. Botgrep: Finding p2p bots with structured graph analysis. In Proc. of the 19th USENIX conference on Security (2010), USENIX Association.
19. ROESCH, M. ET AL. Snort: Lightweight intrusion detection for networks. In Proc. of LISA (1999), pp. 229-238.
20. STOVER, S., DITTRICH, D ., HERNANDEZ, J., AND DIETRICH, S. Analysis of the storm and nugache trojans: P2p is here. USENIX;login 32, 6 (2007), 2007-12.
21. STRINGHINI, G., HOLZ, T., STONE-GROSS, B ., KRUEGEL, c., AND VIGNA, G. Botmagnifier: Locating spambots on the internet. In Proc. of Usenix Security 2011.
22. TUNG, L. Storm worm: More powerful than blue gene? http://www.zdnet.com/ storm-worm-more-powerful-than-blue-gene-3039289226/.
23. VACCA, J. Computer and Information Security Handbook. Morgan Kaufmann, 2009.
24. W HITNEY, L. With legal nod, microsoft ambushes waledac botnet. http://news.cnet.com/8301-1009-3-10459558-83.html.
25. YEN, T., AND REITER, M. Are your hosts trading or plotting? Telling p2p file-sharing and bots apart. In Proc. of ICDCS 2010, IEEE, pp. 241- 252.
26. ZHANG, J., PERDISCI, R., LEE, W., SARFRAZ, U., AND Luo, X. Detecting stealthy p2p botnets using statistical traffic fingerprints. In Proc. of DSN (2011), IEEE.
27. ZHAO, Y., XIE, Y., Yu, F., KE, Q., Yu, Y., CHEN, Y., AND GILLUM, E. Botgraph: Large scale spamming botnet detection. In Proc. of NSDI 2009.