Book Chapter
Botnet Behavior Detection using Network Synchronism
Book title: Privacy, Intrusion Detection and Response: Technologies for Protecting Networks
García, Sebastián; Zunino Suarez, Alejandro Octavio; Campo, Marcelo Ricardo
Other contributors:
Kabiri, Peyman
Publication date:
2011
Publisher:
Igi Publ
ISBN:
9781609608361
Language:
English
Abstract
Botnets’ diversity and dynamism challenge detection and classification algorithms that depend heavily on static or protocol-dependent features. Several methods showing promising results were proposed using behavioral-based approaches. The authors conducted an analysis of botnets’ and bots’ most inherent characteristics such as synchronism and network load within specific time windows to detect them more efficiently. By not relying on any specific protocol, our proposed approach detects infected computers by clustering bots’ network behavioral characteristics using the Expectation-Maximization algorithm. An encouraging false positive error rate of 0.7% shows that bots’ traffic can be accurately separated by our approach by analyzing several bots and non-botnet network captures and applying a detailed analysis of error rates.
Keywords:
Botnet, detection, Clustering, EM algorithm
Collections
Book chapters (ISISTAN)
Book chapters of INSTITUTO SUPERIOR DE INGENIERIA DEL SOFTWARE
Citation
García, Sebastián; Zunino Suarez, Alejandro Octavio; Campo, Marcelo Ricardo; Botnet Behavior Detection using Network Synchronism; Igi Publ; 2011; 122-144