Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods
نویسندگان
چکیده
Automated bot/botnet detection is a difficult problem given the high level of attacker power. We propose a systematic approach for evaluating the evadability of detection methods. An evasion tactic has two associated costs: implementation complexity and effect on botnet utility. An evasion tactic’s implementation complexity is based on the ease with which bot writers can incrementally modify current bots to evade detection. Modifying a bot in order to evade a detection method may result in a less useful botnet; to explore this, we identify aspects of botnets that impact their revenue-generating capability. For concreteness, we survey some leading automated bot/botnet detection methods, identify evasion tactics for each, and assess the costs of these tactics. We also reconsider assumptions about botnet control that underly many botnet detection methods.
منابع مشابه
BotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle
Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...
متن کاملBotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
متن کاملCollecting and Analyzing Bots in a Systematic Honeynet-based Testbed Environment
Networks of compromised machines called botnets are one of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective in dealing with new unknown bots. By slightly modifying the code of an existing bot, bot commanders can bypass mos...
متن کاملA fuzzy pattern-based filtering algorithm for botnet detection
Please cite this article in press as: K. Wang et doi:10.1016/j.comnet.2011.05.026 Botnet has become a popular technique for deploying Internet crimes. Although signaturebased bot detection techniques are accurate, they could be useless when bot variants are encountered. Therefore, behavior-based detection techniques become attractive due to their ability to detect bot variants and even unknown ...
متن کاملA Holistic Botnet Detection Framework Independent of Botnet Protocols and Architecture
Fast growth of Internet has brought some security concerns. One of these security concerns is Botnet. Bot and Botnets are new sophisticated kind of malware that is equipped with advanced features and have variety of applications. This paper reviews the current botnet detection frameworks and their advantages and drawbacks. To address the drawbacks we propose a conceptual holistic Botnet Detecti...
متن کامل