On Detection of Storm Botnets
Authors
Abstract
A botnet, a group of compromised and remotely controlled computers (also called bots), poses a serious threat to the Internet. The commonly used command and control (C&C) channel for a botnet is provided by a central server, such as an IRC or HTTP server. Recently, Storm botnet, a P2P-based botnet with a decentralized C&C channel, has appeared in the wild. In this paper, we propose a distributed approach to detecting Storm botnets at the network level. Our approach is composed of two stages. First, we identify P2P and SMTP packets in each host's traffic. Second, we use a machine learning technique to differentiate Storm traffic from benign P2P traffic based on several distinguishing traffic attributes. Both stages require only packet header information and do not analyze payloads. Our evaluation has shown the detection strategy to be effective with low false alarm rates.
Similar sources
BotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle
Nowadays, botnets are considered essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoS attacks and sending spam emails. Different approaches are presented to detect botnets; however, most of them may be ineffective when there are only a few infected hosts in the monitored network, as they rely on similarity in...
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques. In this paper, we present a...
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; distributed denial of service (DDoS) attacks on networks are one example of such attacks. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
P2P behaviour detection pdf
Or traceback, thus making the detection of P2P bots a real challenge. Fected machine by correlating bots' behavioural attributes. Peacomm Storm P2P bot is. Stegginkrp1p2pdetect conceptpaper.pdf?id2007-2008. And focus on C&C channel detection for P2P botnets that use multiple protocols randomly chosen for C&C. We first consider a clustering based node behavior profiling approach to capture the n...
Journal title:
Volume, Issue:
Pages: -
Publication date: 2009