Botnet Behavior Detection using Network Synchronism

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F11%3A00360842" target="_blank" >RIV/68407700:21230/11:00360842 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.4018/978-1-60960-836-1.ch005" target="_blank" >https://doi.org/10.4018/978-1-60960-836-1.ch005</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.4018/978-1-60960-836-1.ch005" target="_blank" >10.4018/978-1-60960-836-1.ch005</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Botnet Behavior Detection using Network Synchronism

Popis výsledku v původním jazyce

Botnets’ diversity and dynamism challenge detection and classification algorithms depend heavily on static or protocol-dependant features. Several methods showing promising results were proposed using behavioral-based approaches. The authors conducted an analysis of botnets’ and bots’ most inherent characteristics such as synchronism and network load within specific time windows to detect them more efficiently. By not relying on any specific protocol, our proposed approach detects infected computers by clustering bots’ network behavioral characteristics using the Expectation-Maximization algorithm. An encouraging false positive error rate of 0.7% shows that bots’ traffic can be accurately separated by our approach by analyzing several bots and non-botnet network captures and applying a detailed analysis of error rates.

Název v anglickém jazyce

Botnet Behavior Detection using Network Synchronism

Popis výsledku anglicky

Botnets’ diversity and dynamism challenge detection and classification algorithms depend heavily on static or protocol-dependant features. Several methods showing promising results were proposed using behavioral-based approaches. The authors conducted an analysis of botnets’ and bots’ most inherent characteristics such as synchronism and network load within specific time windows to detect them more efficiently. By not relying on any specific protocol, our proposed approach detects infected computers by clustering bots’ network behavioral characteristics using the Expectation-Maximization algorithm. An encouraging false positive error rate of 0.7% shows that bots’ traffic can be accurately separated by our approach by analyzing several bots and non-botnet network captures and applying a detailed analysis of error rates.

Druh

C - Kapitola v odborné knize

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2011

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název knihy nebo sborníku

Privacy, Intrusion Detection and Response: Technologies for Protecting Networks

ISBN

9781609608361

Počet stran výsledku

23

Strana od-do

1-23

Počet stran knihy

468

Název nakladatele

IGI Global

Místo vydání

Hershey, Pennsylvania

Kód UT WoS kapitoly

—