4th ACM Symposium on Information, Computer and Communications Security, 2009

Automatic Discovery of Botnet Communities on Large-Scale Communication Networks


Abstract

Botnets are networks of compromised computers infected with malicious code that can be controlled remotely under a common command and control (C&C) channel. Recognized as one of the most serious security threats to current Internet infrastructure, advanced botnets are hidden not only in existing well-known network applications (e.g. IRC, HTTP, or peer-to-peer) but also in unknown or novel (creative) applications, which makes botnet detection a challenging problem. Most current attempts to detect botnets examine traffic content for bot signatures on selected network links or set up honeypots. In this paper, we propose a new hierarchical framework to automatically discover botnets on a large-scale WiFi ISP network: we first classify the network traffic into different application communities by using payload signatures and a novel cross-association clustering algorithm, and then, on each obtained application community, we analyze the temporal-frequent characteristics of flows, which differentiate the malicious channels created by bots from the normal traffic generated by human beings. We evaluate our approach with about 100 million flows collected over three consecutive days on a large-scale WiFi ISP network; the results show that the proposed approach successfully detects two types of botnet application flows (i.e. the Blackenergy HTTP bot and the Kaiten IRC bot) from those flows with a high detection rate and an acceptably low false alarm rate.
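The abstract describes a two-stage pipeline: payload signatures (plus clustering) first sort flows into application communities, and within each community the temporal-frequent behaviour of flows separates bot channels from human traffic. The sketch below is an added example written for this page, not code from the paper or its authors. It reproduces only the shape of that pipeline: the payload regexes, the two features (coefficient of variation of inter-arrival times and of flow sizes), the thresholds, and the sample flows are all constructed assumptions; the paper's actual feature set and its cross-association clustering for unsigned traffic are not reproduced here.

```python
"""Two-stage botnet-community detection sketch over constructed flow records."""
import re
import statistics
from collections import defaultdict

# Hypothetical payload signatures for two application communities. These are
# illustrative regexes, not the signature set used in the paper.
APP_SIGNATURES = {
    "irc": re.compile(rb"^(NICK|USER|JOIN|PRIVMSG|PONG) ", re.IGNORECASE),
    "http": re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n"),
}


def classify_flow(payload: bytes) -> str:
    """Stage 1: assign a flow to an application community by its first payload bytes."""
    for name, pattern in APP_SIGNATURES.items():
        if pattern.match(payload):
            return name
    return "unknown"


def _cv(values):
    """Coefficient of variation; inf when undefined so sparse hosts are never flagged."""
    if len(values) < 2:
        return float("inf")
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean > 0 else float("inf")


def temporal_features(host_flows):
    """Stage 2: per-host temporal-frequent features inside one community.

    gap_cv  -> regularity of flow inter-arrival times (0 = perfectly periodic)
    size_cv -> uniformity of flow sizes (0 = every flow identical in length)
    """
    starts = sorted(f["ts"] for f in host_flows)
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    sizes = [f["bytes"] for f in host_flows]
    return {
        "flows": len(host_flows),
        "gap_cv": _cv(gaps),
        "size_cv": _cv(sizes),
        "distinct_dst": len({f["dst"] for f in host_flows}),
    }


def flag_bot_hosts(flows, min_flows=6, max_gap_cv=0.2, max_size_cv=0.1):
    """Return {community: [hosts]} whose flows look machine-driven: enough flows,
    near-periodic timing, near-constant size, all to a single destination.
    The thresholds are illustrative assumptions, not values from the paper."""
    by_community = defaultdict(lambda: defaultdict(list))
    for f in flows:
        by_community[classify_flow(f["payload"])][f["src"]].append(f)

    flagged = {}
    for community, hosts in by_community.items():
        if community == "unknown":
            continue  # unsigned traffic would need the clustering stage first
        hits = []
        for host, host_flows in hosts.items():
            feat = temporal_features(host_flows)
            if (feat["flows"] >= min_flows and feat["gap_cv"] <= max_gap_cv
                    and feat["size_cv"] <= max_size_cv and feat["distinct_dst"] == 1):
                hits.append(host)
        if hits:
            flagged[community] = sorted(hits)
    return flagged


def _mk(src, dst, ts, nbytes, payload):
    return {"src": src, "dst": dst, "ts": ts, "bytes": nbytes, "payload": payload}


# Constructed sample flows (not real captures): two beaconing bots and two humans.
SAMPLE_FLOWS = (
    # IRC bot: same PRIVMSG to one C&C server every 60 s, identical size
    [_mk("10.0.0.7", "203.0.113.5", 1000 + 60 * i, 128, b"PRIVMSG #c :status ok")
     for i in range(8)]
    # HTTP bot: POST to one server every 300 s, identical size
    + [_mk("10.0.0.9", "198.51.100.20", 2000 + 300 * i, 512,
           b"POST /stat.php HTTP/1.1\r\nHost: x\r\n") for i in range(8)]
    # Human IRC user: irregular gaps and message sizes
    + [_mk("10.0.0.12", "203.0.113.5", ts, nbytes, b"PRIVMSG #chat :hello")
       for ts, nbytes in zip([1000, 1005, 1045, 1048, 1168, 1185, 1194, 1260],
                             [90, 310, 45, 1200, 77, 433, 902, 150])]
    # Human web browsing: many servers, varied timing and sizes
    + [_mk("10.0.0.3", dst, ts, nbytes, b"GET /index.html HTTP/1.1\r\nHost: x\r\n")
       for dst, ts, nbytes in zip(["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.1",
                                   "192.0.2.4", "192.0.2.5", "192.0.2.6"],
                                  [3000, 3002, 3031, 3090, 3091, 3400, 3404],
                                  [4400, 1200, 16000, 800, 950, 22000, 3100])]
)

if __name__ == "__main__":
    print(flag_bot_hosts(SAMPLE_FLOWS))  # {'irc': ['10.0.0.7'], 'http': ['10.0.0.9']}
```

The point of running the temporal test per community rather than over all traffic is visible in the sample: the human IRC user talks to the same server as the IRC bot, so a destination-only rule would catch both, while the periodicity and size-uniformity features separate them. On real data the thresholds would have to be tuned per community, since a legitimate HTTP poller and an IRC keepalive have different natural rhythms.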
