Method of detecting IRC Botnet based on the multi-features of traffic flow

Cited by: 0

Authors
Yan, Jian-En [1]
Yuan, Chun-Yang [2]
Xu, Hai-Yan [1]
Zhang, Zhao-Xin [1]
Affiliations
[1] School of Computer Science and Technology, Harbin Institute of Technology
[2] National Computer Network Emergency Response Technical Team/Coordination Center of China
Source
Tongxin Xuebao/Journal on Communications | 2013 / Vol. 34 / No. 10
Keywords
Botnet; Cluster analysis; IRC protocol; Traffic flow;
DOI
10.3969/j.issn.1000-436x.2013.10.006
Abstract
To address the problem of detecting IRC botnets, a method based on traffic-flow characteristics is proposed. The characteristics of botnet channel traffic in different periods are analyzed, namely data clustering, data similarity, average packet length, peak of synchronized traffic, and peak of collaborative synchronized traffic, and these characteristics are used to detect the botnet. For the analysis, an improved max-min distance method and a k-means cluster analysis algorithm are also presented to improve the efficiency of data clustering. Finally, the effectiveness of the method is verified by experiment.
Pages: 49-55, 64