BotCVD: Visual analysis of DNS traffic for botnet detection

Cited by: 0
Authors
Affiliations
[1] College of Information Technical Science, Nankai University, Tianjin
[2] School of Mathematical Sciences, Peking University, Beijing
Source
Jiang, H. (hellojhl@163.com) | Year 1600 / Vol. Advanced Institute of Convergence Information Technology / Issue 04
Keywords
Botnet detection; DNS traffic; Server-host pair; VAT; Visualize;
DOI
10.4156/AISS.vol4.issue8.32
Abstract
Botnets have become one of the serious threats to the Internet. In this paper, we design a lightweight approach, BotCVD (Bot Cluster Visual Detector), to detect botnets by visually analyzing DNS traffic. To avoid confusion from normal DNS traffic, BotCVD analyzes the features of server-host pairs instead of single hosts. Since bots in the same botnet behave similarly in DNS queries, BotCVD visually clusters server-host pairs by computing the dissimilarity matrix of server-host pairs. Through an ordered dissimilarity image, BotCVD can clearly show botnet clusters and detect the infected hosts and malicious servers. Experimental results on real-world network traces merged with synthetic botnet traces indicate that BotCVD can (i) visualize botnet clusters and (ii) detect botnets with a high detection rate and a low false positive rate.
Pages: 264 - 273
Number of pages: 9
Related papers
50 in total
  • [41] Traffic Feature-Based Botnet Detection Scheme Emphasizing the Importance of Long Patterns
    An, Yichen
    Haruta, Shuichiro
    Choi, Sanghun
    Sasase, Iwao
    IMAGE PROCESSING AND COMMUNICATIONS: TECHNIQUES, ALGORITHMS AND APPLICATIONS, 2020, 1062 : 181 - 188
  • [42] A Comparative Analysis of Machine Learning Techniques for Botnet Detection
    Bansal, Ankit
    Mahapatra, Sudipta
    SIN'17: PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS, 2017, : 91 - 98
  • [43] Traffic feature-based botnet detection scheme emphasizing the importance of long patterns
    An, Yichen
    Haruta, Shuichiro
    Choi, Sanghun
    Sasase, Iwao
    IEICE COMMUNICATIONS EXPRESS, 2020, 9 (01): : 7 - 12
  • [44] An Analysis of Recurrent Neural Networks for Botnet Detection Behavior
    Torres, Pablo
    Catania, Carlos
    Garcia, Sebastian
    Garcia Garino, Carlos
    2016 IEEE BIENNIAL CONGRESS OF ARGENTINA (ARGENCON), 2016,
  • [45] Security is Readily to Interpret: Quantitative Feature Analysis for Botnet Encrypted Malicious Traffic
    Chen, Long
    Wang, Qiaojuan
    Song, Yanqing
    Chen, Jianguo
    2023 IEEE 47TH ANNUAL COMPUTERS, SOFTWARE, AND APPLICATIONS CONFERENCE, COMPSAC, 2023, : 753 - 758
  • [46] CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis
    Dietrich, Christian J.
    Rossow, Christian
    Pohlmann, Norbert
    COMPUTER NETWORKS, 2013, 57 (02) : 475 - 486
  • [47] DeDroid: A Mobile Botnet Detection Approach Based on Static Analysis
    Karim, Ahmad
    Salleh, Rosli
    Shah, Syed Adeel Ali
    IEEE 12TH INT CONF UBIQUITOUS INTELLIGENCE & COMP/IEEE 12TH INT CONF ADV & TRUSTED COMP/IEEE 15TH INT CONF SCALABLE COMP & COMMUN/IEEE INT CONF CLOUD & BIG DATA COMP/IEEE INT CONF INTERNET PEOPLE AND ASSOCIATED SYMPOSIA/WORKSHOPS, 2015, : 1327 - 1332
  • [48] Cooperative Network Behaviour Analysis Model for Mobile Botnet Detection
    Eslahi, Meisam
    Yousefi, Moslem
    Naseri, Maryam Var
    Yussof, Y. M.
    Tahir, N. M.
    Hashim, H.
    2016 IEEE SYMPOSIUM ON COMPUTER APPLICATIONS & INDUSTRIAL ELECTRONICS (ISCAIE), 2016, : 107 - 112
  • [49] Botnet Detection Techniques: A Review
    Khehra, Gulbadan
    Sofat, Sanjeev
    PROCEEDINGS OF THE 2018 SECOND INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTING AND CONTROL SYSTEMS (ICICCS), 2018, : 1319 - 1326
  • [50] Botnet and P2P Botnet Detection Strategies: A Review
    Dhayal, Himanshi
    Kumar, Jitender
    PROCEEDINGS OF THE 2018 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATION AND SIGNAL PROCESSING (ICCSP), 2018, : 1077 - 1082