BotCVD: Visual analysis of DNS traffic for botnet detection

Cited by: 0
Authors
Affiliations
[1] College of Information Technical Science, Nankai University, Tianjin
[2] School of Mathematical Sciences, Peking University, Beijing
Source
Jiang, H. (hellojhl@163.com) | Year 1600 / Vol. Advanced Institute of Convergence Information Technology / Issue 04
Keywords
Botnet detection; DNS traffic; Server-host pair; VAT; Visualize;
DOI
10.4156/AISS.vol4.issue8.32
Abstract
Botnets have become one of the serious threats to the Internet. In this paper, we design a lightweight approach, BotCVD (Bot Cluster Visual Detector), to detect botnets by visually analyzing DNS traffic. To avoid confusion with normal DNS traffic, BotCVD analyzes the features of server-host pairs instead of single hosts. Since bots in the same botnet behave similarly in DNS queries, BotCVD visually clusters server-host pairs by computing the dissimilarity matrix of server-host pairs. Through an ordered dissimilarity image, BotCVD can clearly show botnet clusters and detect the infected hosts and malicious servers. Experimental results on real-world network traces merged with synthetic botnet traces indicate that BotCVD can (i) visualize botnet clusters and (ii) detect botnets with a high detection rate and a low false positive rate.
Pages: 264 - 273
Page count: 9
Related papers
50 in total
  • [21] Visualization of Invariant Bot Behavior for Effective Botnet Traffic Detection
    Shahrestani, Alireza
    Feily, Maryam
    Masood, Mona
    Muniandy, Balakrishnan
    2012 INTERNATIONAL SYMPOSIUM ON TELECOMMUNICATION TECHNOLOGIES (ISTT), 2012, : 325 - 330
  • [22] Fast-flux Botnet Detection from Network Traffic
    Paul, Tuhin
    Tyagi, Rohit
    Manoj, B. S.
    Thanudas, B.
    2014 ANNUAL IEEE INDIA CONFERENCE (INDICON), 2014,
  • [23] Detection of Botnet traffic by using Neuro-fuzzy based Intrusion Detection
    Pradeepthi, K., V
    Kannan, A.
    2018 10TH INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING (ICOAC), 2018, : 118 - 123
  • [24] On the Analysis and Detection of Mobile Botnet Applications
    Karim, Ahmad
    Salleh, Rosli
    Khan, Muhammad Khurram
    Siddiqa, Aisha
    Choo, Kim-Kwang Raymond
    JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2016, 22 (04) : 567 - 588
  • [25] A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems
    Duan, Li
    Zhou, Jingxian
    Wu, You
    Xu, Wenyao
    INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS, 2022, 18 (03)
  • [26] Determining OS and Applications by DNS Traffic Analysis
    Voronov, Igor
    Gnezdilov, Kirill
    PROCEEDINGS OF THE 2021 IEEE CONFERENCE OF RUSSIAN YOUNG RESEARCHERS IN ELECTRICAL AND ELECTRONIC ENGINEERING (ELCONRUS), 2021, : 72 - 76
  • [27] Botnet Detection: A Numerical and Heuristic Analysis
    Mendonca, Luis
    Santos, Henrique
    PROCEEDINGS OF THE 10TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2011, : 185 - 193
  • [28] A Survey of Botnet and Botnet Detection
    Feily, Maryam
    Shahrestani, Alireza
    Ramadass, Sureswaran
    2009 THIRD INTERNATIONAL CONFERENCE ON EMERGING SECURITY INFORMATION, SYSTEMS, AND TECHNOLOGIES, 2009, : 268 - +
  • [29] A Novel Traffic Analysis Model for Botnet Discovery in Dynamic Network
    P. Panimalar
    K. Rameshkumar
    Arabian Journal for Science and Engineering, 2019, 44 : 3033 - 3042
  • [30] Detecting botnet by anomalous traffic
    Chen, Chia-Mei
    Lin, Hsiao-Chung
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2015, 21 : 42 - 51