User Traffic Profile for Traffic Reduction and Effective Bot C&C Detection
نویسندگان
چکیده
Bots are malicious software components used for generating spams, launching denial of service attacks, phishing, identity theft and information exfiltration and such other illegal activities. Bot detection is an area of active research in recent times. Here we propose a bot detection mechanism for a single host. A user traffic profile is used to filter out normal traffic generated by the host. The remaining suspicious traffic is subject to detailed analysis. The nature of detailed analysis is derived from a characterization of bot traffic. The detection system is tested using two real world bots. Performance evaluation results show that the proposed system achieves a high detection rate (100%) and a low false positive rate (0–8%). The traffic filtering yielded an average reduction in traffic by 70%.
منابع مشابه
Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کاملBotnet Malicious Activity Detection Based on DNS Traffic Analysis
In the field of internet security botnet is becoming the significant threat as more number of users are connected to internet. Botnet which is a collection of infected computers so called (bots) are becoming the major threat to internet community. The difference between a malware and botnet is that bot is remotely controlled by a C&C server which are under the control of a botmaster. Here in th...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملRishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation
In this paper, we describe a simple, yet effective method to detect bot-infected machines within a given network that relies on detection of the communication channel between bot and Command & Control server (C&C server). The presented techniques are mainly based on passively monitoring network traffic for unusual or suspicious IRC nicknames, IRC servers, and uncommon server ports. By using n-g...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- I. J. Network Security
دوره 16 شماره
صفحات -
تاریخ انتشار 2014