BotDet: A System for Real Time Botnet Command and Control Traffic Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F18%3A00101835" target="_blank" >RIV/00216224:14330/18:00101835 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/8384239/" target="_blank" >https://ieeexplore.ieee.org/document/8384239/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ACCESS.2018.2846740" target="_blank" >10.1109/ACCESS.2018.2846740</a>

Jazyk výsledku

angličtina

Název v původním jazyce

BotDet: A System for Real Time Botnet Command and Control Traffic Detection

Popis výsledku v původním jazyce

Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&amp;C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed sytsem: (i) we have developed four detection modules to detect different possible techniques used in botnet C&amp;C communications; (ii) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6% respectively. Furthermore, it proves BotDet capability of real time detection.

Název v anglickém jazyce

BotDet: A System for Real Time Botnet Command and Control Traffic Detection

Popis výsledku anglicky

Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&amp;C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed sytsem: (i) we have developed four detection modules to detect different possible techniques used in botnet C&amp;C communications; (ii) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6% respectively. Furthermore, it proves BotDet capability of real time detection.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/OFMASUN201301" target="_blank" >OFMASUN201301: CIRC - Mobilní dedikované zařízení pro naplňování schopností reakce na počítačové incidenty</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

IEEE Access

ISSN

2169-3536

e-ISSN

2169-3536

Svazek periodika

6

Číslo periodika v rámci svazku

June

Stát vydavatele periodika

US - Spojené státy americké

Počet stran výsledku

12

Strana od-do

38947-38958

Kód UT WoS článku

000440397400001

EID výsledku v databázi Scopus

—