Abdul Manaf, Azizah and H. R., Zeidanloo and P., Vahdani and F., Tabatabaei and M., Zamani (2010) Botnet detection based on traffic monitoring. In: ICNIT 2010 - 2010 International Conference on Networking and Information Technology, 2010, Manila, Philiphines.
![[img]](http://eprints.utm.my/style/images/fileicons/application_pdf.png) |
PDF
68Kb |
Official URL: http://dx.doi.org/10.1109/ICNIT.2010.5508552
Abstract
Botnet is most widespread and occurs commonly in today's cyber attacks, resulting in serious threats to our network assets and organization's properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (C&C) infrastructure. They are used to distribute commands to the Bots for malicious activities such as distributed denial-of-service (DDoS) attacks, spam and phishing. Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols (e.g., IRC,HTTP) and structures (e.g., centralized), and can become ineffective as Botnets change their structure and C&C techniques. In this paper, we proposed a new general detection framework. This proposed framework is based on finding similar communication patterns and behaviors among the group of hosts that are performing at least one malicious activity. The point that distinguishes our proposed detection framework from many other similar works is that there is no need for prior knowledge of Botnets such as Botnet signature.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Uncontrolled Keywords: | botnet, P2P, bot, detection, malicious activity |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Divisions: | Others |
| ID Code: | 27086 |
| Deposited By: | Liza Porijo |
| Deposited On: | 27 Jul 2012 00:38 |
| Last Modified: | 27 Jul 2012 00:38 |
Repository Staff Only: item control page
