BotGAD: Detecting Botnets by Capturing Group Activities in Network Traffic

机译：BotGAD：通过捕获网络流量中的组活动来检测僵尸网络

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Recent malicious attempts are intended to obtain financial benefits using a botnet which has become one of the major Internet security problems. Botnets can cause severe Internet threats such as DDoS attacks, identity theft, spamming, click fraud. In this paper, we define a group activity as an inherent property of the botnet. Based on the group activity model and metric, we develop a botnet detection mechanism, called BotGAD (Botnet Group Activity Detector). BotGAD enables to detect unknown botnets from large scale networks in real-time. Botnets frequently use DNS to rally infected hosts, launch attacks and update their codes. We implemented BotGAD using DNS traffic and showed the effectiveness by experiments on real-life network traces. BotGAD captured 20 unknown and 10 known botnets from two day campus network traces.

机译：最近的恶意尝试旨在使用僵尸网络获得经济利益，该僵尸网络已成为主要的Internet安全问题之一。僵尸网络可能会导致严重的Internet威胁，例如DDoS攻击，身份盗用，垃圾邮件，点击欺诈。在本文中，我们将组活动定义为僵尸网络的固有属性。基于小组活动模型和指标，我们开发了一种称为BotGAD（僵尸网络小组活动检测器）的僵尸网络检测机制。 BotGAD能够实时检测来自大型网络的未知僵尸网络。僵尸网络经常使用DNS召集受感染的主机，发起攻击并更新其代码。我们使用DNS流量实施了BotGAD，并通过对真实网络跟踪的实验证明了其有效性。 BotGAD从为期两天的校园网络跟踪中捕获了20个未知的僵尸网络和10个已知的僵尸网络。

著录项

来源
《4th International conference on communication system software and middleware 2009》|2009年|p.13-20|共8页
会议地点 Dublin(IE);Dublin(IE)
作者
Hyunsang Choi; Heejo Lee; Hyogon Kim;
展开▼
作者单位

Div. of Computer Communication Engineering Korea University Seoul, South KOREA;

Div. of Computer Communication Engineering Korea University Seoul, South KOREA;

Div. of Computer Communication Engineering Korea University Seoul, South KOREA;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类软件工程;通信;
关键词

相似文献

外文文献
中文文献
专利

1. BotCapturer: Detecting Botnets based on Two-Layered Analysis with Graph Anomaly Detection and Network Traffic Clustering [J] . Wei Wang, Yang Wang, Xinlu Tan, International Journal of Performability Engineering . 2018,第5期

机译：Botcapture：基于Traph异常检测和网络流量聚类的两层分析检测僵尸网络
2. Identifying botnets by capturing group activities in DNS traffic [J] . Hyunsang Choi, Heejo Lee Computer networks . 2012,第1期

机译：通过捕获DNS流量中的组活动来识别僵尸网络
3. Detecting domain-flux botnet based on DNS traffic features in managed network [J] . Dinh-Tu Truong, Cheng Guang Security and Communications Networks . 2016,第14期

机译：根据托管网络中DNS流量功能检测域通量僵尸网络
4. A Novel Approach for Detecting IoT Botnet Using Balanced Network Traffic Attributes [C] . M. Shobana, Sugumaran Poonkuzhali International Conference on Service-Oriented Computing;International Workshop on Artificial Intelligence for IT Operations;International Workshop on Cyber Forensics and Threat Investigations Challenges in Emerging Infrastructures;Workshop on Smart Data Integration and Processing;International Workshop on AI-enabled Process Automation;International Workshop on Artificial Intelligence in the IoT Security Services . 2020

机译：一种使用平衡网络流量属性检测物联网僵尸网络的新方法
5. Detecting Advanced Botnets in Enterprise Networks. [D] . Zhang, Han. 2017

机译：在企业网络中检测高级僵尸网络。
6. An efficient method to detect periodic behavior in botnet traffic by analyzing control plane traffic [O] . Basil AsSadhan, José M.F. Moura 2014

机译：通过分析控制平面流量来检测僵尸网络流量中周期性行为的有效方法
7. Detecting Botnet based on Network Traffic [O] . Nguyen Vuong Tuan Hiep 2020

机译：根据网络流量检测僵尸网络

BotGAD: Detecting Botnets by Capturing Group Activities in Network Traffic

摘要

著录项

相似文献

相关主题

期刊订阅