Information Theory, Inference & Learning Algorithms
Information Theory, Inference & Learning Algorithms
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Characterizing botnets from email spam records
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Characterizing Bots' Remote Control Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
BotTracer: Execution-Based Bot-Like Malware Detection
ISC '08 Proceedings of the 11th international conference on Information Security
A First Step towards Live Botmaster Traceback
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A large-scale study of automated web search traffic
AIRWeb '08 Proceedings of the 4th international workshop on Adversarial information retrieval on the web
Towards systematic evaluation of the evadability of bot/botnet detection methods
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
SS'08 Proceedings of the 17th conference on Security symposium
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
BotCop: An Online Botnet Traffic Classifier
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Studying spamming botnets using Botlab
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
BotGAD: detecting botnets by capturing group activities in network traffic
Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE
Challenging statistical classification for operational usage: the ADSL case
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
P2P botnet detection using behavior clustering & statistical tests
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Communities of interest for internet traffic prioritization
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Creation of the importance scanning worm using information collected by Botnets
Computer Communications
Differential privacy for collaborative security
Proceedings of the Third European Workshop on System Security
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
JUST-google: a search engine-based defense against botnet-based DDoS attacks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Predictive network anomaly detection and visualization
IEEE Transactions on Information Forensics and Security
Detection of spam hosts and spam bots using network flow traffic modeling
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Inference and analysis of formal models of botnet command and control protocols
Proceedings of the 17th ACM conference on Computer and communications security
Take a deep breath: a stealthy, resilient and cost-effective botnet using skype
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Social network-based botnet command-and-control: emerging threats and countermeasures
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Quarantine technology using botnets information
ACS'10 Proceedings of the 10th WSEAS international conference on Applied computer science
Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts
Proceedings of the 26th Annual Computer Security Applications Conference
BotGrep: finding P2P bots with structured graph analysis
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Boosting the scalability of botnet detection using adaptive traffic sampling
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
AntBot: Anti-pollution peer-to-peer botnets
Computer Networks: The International Journal of Computer and Telecommunications Networking
Characterizing Intelligence Gathering and Control on an Edge Network
ACM Transactions on Internet Technology (TOIT)
BotTrack: tracking botnets using NetFlow and PageRank
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Cleaning your house first: shifting the paradigm on how to secure networks
AIMS'11 Proceedings of the 5th international conference on Autonomous infrastructure, management, and security: managing the dynamics of networks and services
Quantitatively analyzing stealthy communication channels
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Challenges in experimenting with botnet detection systems
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Stegobot: a covert social network botnet
IH'11 Proceedings of the 13th international conference on Information hiding
RatBot: anti-enumeration peer-to-peer botnets
ISC'11 Proceedings of the 14th international conference on Information security
Identifying botnets by capturing group activities in DNS traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
User-Assisted host-based detection of outbound malware traffic
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Threat Modeling: Herdict: A distributed model for threats online
Network Security
HTTP botnet detection using adaptive learning rate multilayer feed-forward neural network
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Botnets: a heuristic-based detection framework
Proceedings of the Fifth International Conference on Security of Information and Networks
Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis
Proceedings of the 28th Annual Computer Security Applications Conference
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets
Journal of Systems and Software
Computer Networks: The International Journal of Computer and Telecommunications Networking
Peri-Watchdog: Hunting for hidden botnets in the periphery of online social networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
NetGator: malware detection using program interactive challenges
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
EFFORT: A new host-network cooperated framework for efficient and effective bot malware detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks
Proceedings of the 29th Annual Computer Security Applications Conference
Leveraging honest users: stealth command-and-control of botnets
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
Search engine click spam detection based on bipartite graph propagation
Proceedings of the 7th ACM international conference on Web search and data mining
HTTP botnet detection using hidden semi-Markov model with SNMP MIB variables
International Journal of Electronic Security and Digital Forensics
| Hi-index | 0.00 |
Malicious botnets are networks of compromised computers that are controlled remotely to perform large-scale distributed denial-of-service (DDoS) attacks, send spam, trojan and phishing emails, distribute pirated media or conduct other usually illegitimate activities. This paper describes a methodology to detect, track and characterize botnets on a large Tier-1 ISP network. The approach presented here differs from previous attempts to detect botnets by employing scalable non-intrusive algorithms that analyze vast amounts of summary traffic data collected on selected network links. Our botnet analysis is performed mostly on transport layer data and thus does not depend on particular application layer information. Our algorithms produce alerts with information about controllers. Alerts are followed up with analysis of application layer data, that indicates less than 2% false positive rates.