We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets

Abstract: Botnets (networks of compromised computers) are often used for malicious activities such as spam, click fraud, identity theft, phishing, and distributed denial of service (DDoS) attacks. Most of previous researches have introduced fully or partially signature-based botnet detection approaches. In this paper, we propose a fully anomaly-based approach that requires no a priori knowledge of bot signatures, botnet C&C protocols, and C&C server addresses. We start from inherent characteristics of botnets. Bots connect to the C&C channel and execute the received commands. Bots belonging to the same botnet receive the same commands that causes them having similar netflows characteristics and performing same attacks. Our method clusters bots with similar netflows and attacks in different time windows and perform correlation to identify bot infected hosts. We have developed a prototype system and evaluated it with real-world traces including normal traffic and several real-world botnet traces. The results show that our approach has high detection accuracy and low false positive.
Comments: IEEE Conference on Computer Applications and Industrial Electronics (ICCAIE), Penang, Malaysia, December 2011
Subjects: Cryptography and Security (cs.CR)
DOI: 10.1109/ICCAIE.2011.6162198
Cite as: arXiv:1811.00925 [cs.CR]
  (or arXiv:1811.00925v1 [cs.CR] for this version)

Submission history

From: Sajjad Arshad [view email]
[v1] Fri, 2 Nov 2018 15:12:45 GMT (301kb)

Link back to: arXiv, form interface, contact.