Bots Behaviors vs. Human Behaviors on Large-Scale Communication Networks (Extended Abstract)
Authors
Abstract
In this paper we propose a hierarchical framework for detecting and characterizing any type of botnet on a large-scale WiFi ISP network. In particular, we first analyze and classify the network traffic into different applications by using payload signatures and the cross-associations for IP addresses and ports. Then, based on a specific application community (e.g. IRC, HTTP, or Peer-to-Peer), we present a novel temporal-frequent characteristic of flows that leads to the differentiation of malicious behaviors created by bots from normal network traffic generated by human beings. We evaluate our approach with over 160 million flows collected over five consecutive days on a large-scale network, and preliminary results show that the proposed approach successfully detects the IRC botnet flows from over 160 million flows with a high detection rate and an acceptably low false alarm rate.
1 Problem Statement, State of the Art and Contributions
Detecting botnet behaviors on large-scale networks is a very challenging problem. This is because: (1) botnets are often hidden in existing applications, and thus their traffic volume is not that big and is very similar to normal traffic behaviors; (2) classifying network traffic into different applications has become more challenging and is still an unsolved issue due to traffic content encryption and the unreliable destination port labeling method. Observation of a large-scale WiFi ISP network over a half year period showed that even when using the flow content examination method, there are still about 40% of network flows that cannot be classified into specific applications. Investigating such a large volume of unknown traffic is very important, since it might stand for abnormalities in the traffic, malicious behaviors, or simply the identification of novel applications. Current attempts at detecting botnets are mainly based on honeypots, passive anomaly analysis and traffic application classification.
The anomaly analysis for detecting botnets on network traffic is usually independent of the traffic content and has the potential to find different types of botnets. However, anomaly
R. Lippmann, E. Kirda, and A. Trachtenberg (Eds.): RAID 2008, LNCS 5230, pp. 415–416, 2008. © Springer-Verlag Berlin Heidelberg 2008
Similar resources
Understanding a prospective approach to designing malicious social bots
The security implications of social bots are evident in consideration of the fact that data sharing and propagation functionality are well integrated with social media sites. Existing social bots primarily use RSS (Really Simple Syndication) and OSN (Online Social Network) APIs to communicate with OSN servers. Researchers have profiled their behaviors well, and have proposed various mechanisms ...
E-Cigarette Surveillance With Social Media Data: Social Bots, Emerging Topics, and Trends
BACKGROUND As e-cigarette use rapidly increases in popularity, data from online social systems (Twitter, Instagram, Google Web Search) can be used to capture and describe the social and environmental context in which individuals use, perceive, and are marketed this tobacco product. Social media data may serve as a massive focus group where people organically discuss e-cigarettes unprimed by a r...
The Effectiveness of Training Social Skills on High Risk Behaviors and Communication Skills in Secondary School Students
Background: The purpose of the present study was to determine the effectiveness of social skills training on high risk behaviors and communication skills in secondary school students in Kalibar city. Methods: This research is a quasi-experimental study with pre-test and post-test design with control group. The statistical population of this study consisted of all male high school students in K...
A Behavior Analysis-Based Game Bot Detection Approach Considering Various Play Styles
Yeounoh Chung et al. 1 An approach for game bot detection in MMORPGs is proposed based on the analysis of game playing behavior. Since MMORPGs are large scale games, users can play in various ways. This variety in playing behavior makes it hard to detect game bots based on play behaviors. In order to cope with this problem, the proposed approach observes game playing behaviors of users and grou...
Related Factors of the Preventing Behaviors of HIV/AIDS among Young People: Applying the Extended Health Belief Model (EHBM)
Background HIV/AIDS is one of the major public health problems and a barrier to the progress of human civilization that is considered as a big concern for people all around the world. Premarital sexual abstinence is introduced as the most effective way to avoid HIV/AIDS. This study aimed to determine associated factors in the preventing behaviors of HIV/AIDS among young people using the Extende...