BotOnus: an online unsupervised method for Botnet detection

Authors

Abstract:

Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods contain a number of good ideas, but they are far from complete, since most of them cannot detect botnets in an early stage of their lifecycle; moreover, they depend on a particular command and control (C&C) protocol. In this paper, we address these issues and propose an online unsupervised method, called BotOnus, for botnet detection that does not require a priori knowledge of botnets. It extracts a set of flow feature vectors from the network traffic at the end of each time period, and then groups them into flow clusters using a novel online fixed-width clustering algorithm. Flow clusters that have at least two members and whose intra-cluster similarity is above a similarity threshold are identified as suspicious botnet clusters, and all hosts in such clusters are identified as bot-infected. We demonstrate the effectiveness of BotOnus in detecting various botnets, including HTTP-, IRC-, and P2P-based botnets, using a testbed network. The results of the experiments show that it can successfully detect various botnets with an average detection rate of 94.33% and an average false alarm rate of 3.74%.


Similar sources


Adaptability of IRC Botnet Detection Method to P2P Botnet Detection

This report mainly discusses the adaptability of the IRC-based Bot detection method to be used in the P2P-based Bot detection. The first section introduces the IRC-based bot and the newly appeared P2P-based bot to see their difference. The second section shows the related work and the traditional method of BOTNET detection. The third section discusses the methodology used by the IRC based Botne...


An Algorithm for Anomaly-based Botnet Detection

We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in c...


An Unsupervised Method for Detection of XSS Attack

Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious script in another user’s browser. Once the attacker gains control over the Website vulnerable to XSS attack, it can perform actions like cookie-stealing, malware-spreading, session-hijacking and malicious redirection. Malicious JavaScripts are the most conventional ways of performing XSS attacks. ...


An Unsupervised Support Vector Method for Change Detection

This paper formulates the problem of distinguishing changed from unchanged pixels in remote sensing images as a minimum enclosing ball (MEB) problem with changed pixels as target class. The definition of the sphere shaped decision boundary with minimal volume that embraces changed pixels is approached in the context the support vector formalism adopting a support vector domain description (SVDD...


Online Botnet Detection Based on Incremental Discrete Fourier Transform

Botnet detection has attracted lots of attention since botnet attack is becoming one of the most serious threats on the Internet. But little work has considered the online detection. In this paper, we propose a novel approach that can monitor the botnet activities in an online way. We define the concept of “feature streams” to describe raw network traffic. If some feature streams show high simi...

Journal title

Volume 4, Issue 1

Pages 51-62

Publication date: 2012-01-01
