Botnet Detection Based on Network Behavior

Part of the book series: Advances in Information Security (ADIS, volume 36)


Copyright information

© 2008 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Strayer, W.T., Lapsley, D., Walsh, R., Livadas, C. (2008). Botnet Detection Based on Network Behavior. In: Lee, W., Wang, C., Dagon, D. (eds) Botnet Detection. Advances in Information Security, vol 36. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-68768-1_1

  • DOI: https://doi.org/10.1007/978-0-387-68768-1_1

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-68766-7

  • Online ISBN: 978-0-387-68768-1

  • eBook Packages: Computer Science, Computer Science (R0)
