BotTrack: Tracking Botnets Using NetFlow and PageRank
Authors
Abstract
With large scale botnets emerging as one of the major current threats, the automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. Faced with high speed network connections, detecting botnets must be efficient and accurate. This paper proposes a novel approach for this task, where NetFlow related data is correlated and a host dependency model is leveraged for advanced data mining purposes. We extend the popular linkage analysis algorithm PageRank [27] with an additional clustering process in order to efficiently detect stealthy botnets using peer-to-peer communication infrastructures and not exhibiting large volumes of traffic. The key conceptual component in our approach is to analyze communication behavioral patterns and to infer potential botnet activities.
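The host dependency model and PageRank step sketched in the abstract, as an added example that is not code from the BotTrack paper: a few constructed NetFlow-style records are turned into a directed host graph, PageRank is computed by power iteration, and hosts with similar scores are grouped. The host names, the flow records and the score-bucketing rule used as a stand-in for the paper's clustering step are all assumptions; the point shown is that a small peer-to-peer mesh collects a high rank despite contributing few flows.

```python
from collections import defaultdict

# Constructed flow records (src, dst): "src talked to dst", i.e. a dependency
# edge src -> dst in the host dependency graph. Not real traffic.
FLOWS = [
    ("h1", "h2"), ("h2", "h3"), ("h3", "h1"),      # small mesh of peers
    ("h1", "h3"), ("h2", "h1"), ("h3", "h2"),
    ("c1", "web"), ("c2", "web"), ("c3", "web"),   # ordinary clients -> servers
    ("c1", "dns"), ("c2", "dns"),
]


def build_graph(flows):
    """Directed host dependency graph as an adjacency set per source host."""
    graph = defaultdict(set)
    for src, dst in flows:
        graph[src].add(dst)
        graph.setdefault(dst, set())   # sink hosts must be nodes as well
    return graph


def pagerank(graph, damping=0.85, iters=200, tol=1e-9):
    """Standard PageRank by power iteration; dangling mass is spread uniformly."""
    nodes = sorted(graph)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        dangling = sum(rank[v] for v in nodes if not graph[v])
        new = {v: (1 - damping) / n + damping * dangling / n for v in nodes}
        for v in nodes:
            for w in graph[v]:
                new[w] += damping * rank[v] / len(graph[v])
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def group_by_score(rank, width=0.02):
    """Assumed stand-in for the paper's clustering: bucket hosts whose PageRank
    values fall into the same `width`-sized interval; return non-singleton groups."""
    buckets = defaultdict(list)
    for host, score in rank.items():
        buckets[round(score / width)].append(host)
    return [sorted(m) for m in buckets.values() if len(m) > 1]


if __name__ == "__main__":
    ranks = pagerank(build_graph(FLOWS))
    for host, score in sorted(ranks.items(), key=lambda kv: -kv[1]):
        print(f"{host:4s} {score:.4f}")
    print(group_by_score(ranks))
```

With these records the three mesh peers end up with roughly 0.24 each, far above the clients (about 0.036) even though each peer sent only two flows, and they fall into one group.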
Similar resources
Towards Efficient and Privacy-Preserving Network-Based Botnet Detection Using Netflow Data
Botnets pose a severe threat to the security of Internet-connected hosts and the availability of the Internet's infrastructure. In recent years, botnets have attracted many researchers. As a result, many achievements in studying different botnets' anatomies have been made and approaches to botnet detection have been developed. However, most of these approaches target at botnet detection using r...
Peer-to-Peer Botnet Detection Using NetFlow (Master Thesis)
Traditional botnets use a centralized communications architecture where all the bots connect to Command and Control (C&C) servers. These servers are the weak point of the botnet, as they are easy targets for take down and monitoring. Peer-to-peer (p2p) botnets have a distributed architecture, which make them more resilient. This research aims at the detection of individual p2p bo...
HaDeS: A Hadoop-based Framework for Detection of Peer-to-Peer Botnets
This paper presents Hades, a Hadoop-based framework for detection of P2P botnets in an enterprise-level network, which is distributed and scalable by design. The contributions of this work are two-fold: Firstly, our work uses the Hadoop ecosystem to adopt a ‘host-aggregation based’ approach which aggregates behavioral metrics for each Peer-to-Peer (P2P) host seen in network communications, and u...
A Taxonomy of Botnets
Attackers are increasingly using large networks of compromised machines to carry out further attacks (e.g., using botnets, or enormous groups of compromised hosts under the control of a single attacker). We consider the problem of responding to entire networks of attacking computers. We identify key metrics for measuring the utility of a botnet, and describe various topological structures they ...
The Evaluation of the Team Performance of MLB Applying PageRank Algorithm
Background. There is a weakness that the win-loss ranking model in the MLB now is calculated based on the result of a win-loss game, so we assume that a ranking system considering the opponent’s team performance is necessary. Objectives. This study aims to suggest the PageRank algorithm to complement the problem with ranking calculated with winning ratio in calculating team ranking of US MLB. ...