Botnet Behavior Detection using Network Synchronism

Botnets' diversity and dynamism challenge detection and classification algorithms, which depend heavily on botnet protocols and can quickly become avoidable. A more general detection method was therefore needed. We propose an analysis of their most inherent characteristics, such as synchronism and network...


Bibliographic Details
Main authors: García, Sebastián; Zunino, Alejandro; Campo, Marcelo
Format: Conference object
Language: English
Published: 2010
Publisher: Sociedad Argentina de Informática e Investigación Operativa
ISSN: 1850-2806
Pages: 1739-1750
License: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0), http://creativecommons.org/licenses/by-nc-sa/4.0/
Online access: http://sedici.unlp.edu.ar/handle/10915/152798
http://39jaiio.sadio.org.ar/sites/default/files/39-jaiio-ast-21.pdf
Institution: Universidad Nacional de La Plata
Collection: SEDICI (UNLP)
Subjects: Computer Science; Botnet; detection; clustering; EM algorithm; security

Description: Botnets' diversity and dynamism challenge detection and classification algorithms, which depend heavily on botnet protocols and can quickly become avoidable. A more general detection method was therefore needed. We propose an analysis of their most inherent characteristics, such as synchronism and network load, combined with a detailed analysis of error rates. Without relying on any specific botnet technology or protocol, our classification approach sought to detect synchronic behavioral patterns in network traffic flows and clustered them based on botnet characteristics. Different botnet and normal captures were taken, and a time-slice approach was used to successfully separate them. Results show that botnet and normal computer traffic can be accurately detected by our approach, thus enhancing detection effectiveness.