Efficient Detection of Real-World Botnets' Command and Control Channels Traffic
نویسندگان
چکیده
Botnets are a major security threat to today’s Internet. Therefore, the detection of botnets has become a central task for network administrators. In this paper, we study the detection of botnets by monitoring and analyzing the Command and Control (C2) channels communication traffic. We note that this detection approach is effective as it detects a botnet before it engages in any harmful activities. We analyze real network traffic captured at King Saud University network by exploiting the periodic behavior in C2 traffic. We use periodograms to study the periodic behavior, and apply Walker’s large sample test to detect whether the traffic has a significant periodic component or not, and, if it does, then it is bot traffic. We apply this test on two different days of KSU traffic. We show that the traffic in those days exhibit periodic behavior and report the source of that traffic as bot.
منابع مشابه
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
Botnets are now recognized as one of the most serious security threats. In contrast to previous malware, botnets have the characteristic of a command and control (C&C) channel. Botnets also often use existing common protocols, e.g., IRC, HTTP, and in protocol-conforming manners. This makes the detection of botnet C&C a challenging problem. In this paper, we propose an approach that uses network...
متن کاملBotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
متن کاملBotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques. In this paper, we present a...
متن کاملIdentification and recognition of remote-controlled malware
Remote-controlled malware, organized in so-called botnets, have emerged as one of the most prolific kinds of malicious software. Although numbers vary, in extreme cases such as Conficker, Bredolab and Mariposa, one botnet can span up to several million infected computers. This way, attackers draw substantial revenue by monetizing their bot-infected computers. This thesis encapsulates research o...
متن کاملAn Efficient Machine Learning Based Classification Scheme for Detecting Distributed Command & Control Traffic of P2P Botnets
Biggest internet security threat is the rise of Botnets having modular and flexible structures. The combined power of thousands of remotely controlled computers increases the speed and severity of attacks. In this paper, we provide a comparative analysis of machine-learning based classification of botnet command & control(C&C) traffic for proactive detection of Peer-toPeer (P2P) botnets. We com...
متن کامل