Measuring intrusion detection capability: an information-theoretic approach
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A Proposal of Metrics for Botnet Detection Based on Its Cooperative Behavior
SAINT-W '07 Proceedings of the 2007 International Symposium on Applications and the Internet Workshops
Botnet Detection by Monitoring Group Activities in DNS Traffic
CIT '07 Proceedings of the 7th IEEE International Conference on Computer and Information Technology
Wide-scale botnet detection and characterization
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
On the Limits of Payload-Oblivious Network Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
SS'08 Proceedings of the 17th conference on Security symposium
A Survey of Botnet Technology and Defenses
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
BotCop: An Online Botnet Traffic Classifier
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Botnet: classification, attacks, detection, tracing, and preventive measures
ICICIC '09 Proceedings of the 2009 Fourth International Conference on Innovative Computing, Information and Control
A Survey on the Use of Traffic Traces to Battle Internet Threats
WKDD '10 Proceedings of the 2010 Third International Conference on Knowledge Discovery and Data Mining
Sketch-Based Streaming PCA Algorithm for Network-Wide Traffic Anomaly Detection
ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
Are Your Hosts Trading or Plotting? Telling P2P File-Sharing and Bots Apart
ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
Random multiclass classification: generalizing random forests to random MNL and random NB
DEXA'07 Proceedings of the 18th international conference on Database and Expert Systems Applications
| Hi-index | 0.00 |
Many different approaches have been used to target Internet security throughout time. It is now easy to realize the attackers' motivational shifts from the early days of lonely, proud-based, virus development to the recent eras of cooperative Internet cyber criminality where high profit and damage became a reality. Among the vast spectrum of tools available to perpetrate attacks on information networks, botnets are becoming more and more popular due to its scalability, attack power, return and cooperation capabilities. Evolved programming skills and sophisticated tools also come to scene allowing the appearance of corresponding more evolved malware. New, constantly appearing, malware developments in host infection, deployment, maintenance, control and dissimulation of bots keep changing the existing detection vectors creating the need for detection systems that go beyond signature-based detection approaches. In that way, research and implementation of anomaly-based botnet detection systems is fundamental to keep up with the continuously changing scenario of polymorphic botnets variants. This paper presents the research and tests made to define an effective set of traffic parameters capable of modeling both normal and abnormal activity of networks, focusing on botnet activity detection through anomalous and cooperative behavior. A detection framework prototype is also proposed and tested using real traffic collected in the University of Minho campi edge. In the end, the results of the test-runs executed on the developed detection framework are presented and discussed.