Themis: Data Driven Approach to Botnet Detection
نویسندگان
چکیده
The detection of hosts infected with botnet malware in a timely manner is an important task, since botnets are responsible for many recent security incidents. We propose Themis, an approach based on inferring the structure of time varying IPto-IP communication with the Stochastic Block Model (SBM). Themis use the inferred structure to detect and quantify abnormal behavior of individual hosts. The novelty of our approach is the use of probabilistic inference directly on host interactions to model normality. The challenges of our approach are adapting the inference process to obtain a usable output in a dynamic system, and to specify abnormal behavior with respect to the inferred structure. Themis is able to distinguish between infected and benign hosts with accuracy larger 95 % and compares favorably against state of the art botnet detection mechanisms [1].
منابع مشابه
BotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle
Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...
متن کاملBotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
متن کاملMining Concept-Drifting Data Stream to Detect Peer to Peer Botnet Traffic
We propose a novel stream data classification technique to detect Peer to Peer botnet. Botnet traffic can be considered as stream data having two important properties: infinite length and drifting concept. Thus, stream data classification technique is more appealing to botnet detection than simple classification technique. However, no other botnet detection approaches so far have applied stream...
متن کاملBOTNET Detection Approach by DNS Behavior and Clustering Analysis
Botnets are one of the most serious threats to internet security. A botnet is a network of computers on internet which are under the influence of a malware code, oblivious to the owner of that computer and sends out transmissions (virus or spam) to other computers on internet. Botnet can be utilized for DoS attacks, phishing, spamming and many other fraudulent activities. Therefore, it is impor...
متن کاملBotnet Detection Based on Network Behavior
Current techniques for detecting botnets examine traffic content for IRC commands, monitor DNS for strange usage, or set up honeynets to capture live bots. Our botnet detection approach is to examine flow characteristics such as bandwidth, packet timing, and burst duration for evidence of botnet command and control activity. We have constructed an architecture that first eliminates traffic that...
متن کامل