Foundations of statistical natural language processing
Compilers: Principles, Techniques, and Tools (2nd Edition)
A Survey of Botnet Technology and Defenses
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Botnet traffic detection using hidden Markov models
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
P2P hierarchical botnet traffic detection using hidden Markov models
Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
Botnets are becoming a major source of spam, theft of private data and money, and other cybercrime. In their battle with security communities, botnets have become Tailored Trustworthy Spaces (TTS). Bot herders first used encryption and access control on the botnet command and control channel to secure botnet communications. The use of fast-flux and P2P technologies helps botnets become more resilient to detection and takedown. Their fast-evolving propagation, command and control, and attacks make botnets good examples of moving targets. Detecting and removing botnets has become a difficult and important task for the security community. In this paper, we apply timing analysis to P2P hierarchical botnet traffic, since timing signatures commonly exist in automated network processes. We extend previous work to use probabilistic context-free grammars (PCFGs), a more expressive class of grammar in the Chomsky hierarchy. Experimental results on a simulated P2P botnet show that PCFGs have accurate detection rates. Our approach provides possible "exploits" to compromise TTS and moving target systems. Therefore, timing signatures should be considered in design to make the system more secure and resilient.