A tutorial on learning with Bayesian networks
Learning in graphical models
DNS and BIND
A statistical approach to the spam problem
Linux Journal
Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification
Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification
Detecting mass-mailing worm infected hosts by mining DNS traffic data
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Introduction to Data Mining, (First Edition)
Introduction to Data Mining, (First Edition)
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Botnet Detection by Monitoring Group Activities in DNS Traffic
CIT '07 Proceedings of the 7th IEEE International Conference on Computer and Information Technology
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
BotGrep: finding P2P bots with structured graph analysis
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Clustering botnet communication traffic based on n-gram feature selection
Computer Communications
A new statistical approach to DNS traffic anomaly detection
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications - Volume Part II
Identifying botnets by capturing group activities in DNS traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting parasite p2p botnet in eMule-like networks through quasi-periodicity recognition
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets
Journal of Systems and Software
Simulation-based study of botnets and defense mechanisms against them
Journal of Computer and Systems Sciences International
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Bots often are detected by their communication with a command and control (C&C) infrastructure. To evade detection, botmasters are increasingly obfuscating C&C communications, e.g., by using fastflux or peer-to-peer protocols. However, commands tend to elicit similar actions in bots of a same botnet. We propose and evaluate a Bayesian approach for detecting bots based on the similarity of their DNS traffic to that of known bots. Experimental results and sensitivity analysis suggest that the proposed method is effective and robust.