Abstract |
---|
A botnet is a network of compromised computers infected with malicious code that can be controlled remotely under a common command and control (C&C) channel. As one of the most serious security threats to the Internet, a botnet can not only be implemented with existing network applications (e.g. IRC, HTTP, or Peer-to-Peer) but can also be constructed by unknown or creative applications, thus making botnet detection a challenging problem. In this paper, we propose a new online botnet traffic classification system, called BotCop, in which the network traffic is fully classified into different application communities by using payload signatures and a novel decision tree model; then, on each obtained application community, the temporal-frequent characteristic of flows is studied and analyzed to differentiate the malicious communication traffic created by bots from normal traffic generated by human beings. We evaluate our approach with about 30 million flows collected over one day on a large-scale WiFi ISP network, and the results show that the proposed approach successfully detects an IRC botnet from about 30 million flows with a high detection rate and a low false alarm rate. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1109/CNSR.2009.21 | CNSR |
Keywords | Field | DocType |
---|---|---|
command and control channel,false alarm rate,network application,network traffic,large-scale wifi isp network,botnet detection,online botnet traffic classification system,payload signatures,botcop,malicious communication traffic,internet,application community,security threats,telecommunication security,telecommunication traffic,million flow,irc botnet,decision tree,decision trees,malicious code,online botnet traffic classifier,normal traffic,new online botnet traffic,command and control,computer networks,protocols,classification algorithms,application software,servers,payloads,traffic classification | Traffic classification,Cutwail botnet,Decision tree,Botnet,Srizbi botnet,Computer science,Computer security,Server,Computer network,Payload,The Internet | Conference |
ISBN | Citations | PageRank |
---|---|---|
978-0-7695-3649-1 | 19 | 0.88 |
References | Authors |
---|---|
15 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Wei Lu | 1 | 703 | 30.81 |
Mahbod Tavallaee | 2 | 748 | 29.01 |
Goaletsa Rammidi | 3 | 38 | 1.59 |
Ali A. Ghorbani | 4 | 1891 | 135.01 |