A Multi-Layered Approach to Botnet Detection
نویسندگان
چکیده
– The goal of this research was to design a multi-layered architecture for the detection of a wide range of existing and new botnets. By not relying on a single technique but rather building in the ability to support multiple techniques, the goal is to be able to detect a wider array of bots and botnets than is possible with a single technique. The open architecture and API will allow any techniques designed by other researchers to be integrated. The goal is to use signature type techniques to detect well-known bots and botnets and data mining techniques to detect new classes and variants; i.e. anomaly or misuse detection.
منابع مشابه
BotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle
Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...
متن کاملBotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
متن کاملMulti-agent Based Approach of Botnet Detection
A new approach for the botnet detection based on multi-agent system is proposed. The structure and main principles of antiviral agents’ functioning within multi-agent system is developed. The principles of communication between the agent’s units before and after attack on the computer system were developed. Software for realisation of antivirus multi-agent system on proposed techniques was deve...
متن کاملMining Concept-Drifting Data Stream to Detect Peer to Peer Botnet Traffic
We propose a novel stream data classification technique to detect Peer to Peer botnet. Botnet traffic can be considered as stream data having two important properties: infinite length and drifting concept. Thus, stream data classification technique is more appealing to botnet detection than simple classification technique. However, no other botnet detection approaches so far have applied stream...
متن کاملMulti-phase IRC Botnet and Botnet Behavior Detection Model
Botnets are considered one of the most dangerous and serious security threats facing the networks and the Internet. Comparing with the other security threats, botnet members have the ability to be directed and controlled via C&C messages from the botmaster over common protocols such as IRC and HTTP, or even over covert and unknown applications. As for IRC botnets, general security instances lik...
متن کامل