DOI: 10.1145/2459976.2459992
Research article (CSIIRW conference proceedings)

Timing analysis in P2P botnet traffic using probabilistic context-free grammars

Published: 08 January 2013

Abstract

Botnets are becoming a major source of spam, theft of private data and money, and other cybercrime. During the battle with security communities, botnets became Tailored Trustworthy Spaces (TTS). Bot herders first used encryption and access control of the botnet command and control channel to secure botnet communications. The use of fast-flux and P2P technologies helps botnets become more resilient to detection and takedown. Their fast-evolving propagation, command and control, and attacks make botnets good examples of moving targets. Detecting and removing botnets has become a difficult and important task for the security community. In this paper, we apply timing analysis to P2P hierarchical botnet traffic, since timing signatures commonly exist in automated network processes. We extend previous work to use probabilistic context-free grammars (PCFGs), a more expressive grammar in the Chomsky hierarchy. Experimental results on a simulated P2P botnet show that PCFGs achieve accurate detection rates. Our approach provides possible "exploits" to compromise TTS and moving target systems. Therefore timing signatures should be considered in design to make the system more secure and resilient.
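The abstract describes the detection idea at a high level: quantise the inter-packet timing of a flow into symbols and score the symbol sequence with a PCFG learned from automated (bot) traffic. The following Python block is an added illustration of that pipeline and is not the paper's grammar, data or code. The gap thresholds, the tiny "beacon then burst" grammar in Chomsky normal form, the uniform background model and the two sample gap lists are all constructed here for demonstration; a real deployment would estimate the grammar from labelled traffic and tune the threshold on held-out flows.

```python
import math
from collections import defaultdict

# Constructed quantisation thresholds (seconds); not the paper's binning.
def quantise_gaps(gaps):
    """Map a list of inter-packet gaps (seconds) to terminal symbols."""
    out = []
    for g in gaps:
        if g < 1.0:
            out.append("s")   # short gap: packets inside a burst
        elif g < 30.0:
            out.append("m")   # medium gap: ordinary interactive pacing
        else:
            out.append("l")   # long gap: idle period between beacons
    return out

# Hypothetical PCFG in Chomsky normal form for a "repeated long idle
# gaps, then a two-packet burst" pattern. Rule probabilities for each
# left-hand side sum to 1. Binary rules: (lhs, rhs1, rhs2) -> p;
# unary (lexical) rules: (lhs, terminal) -> p.
BINARY = {
    ("S", "L", "S"): 0.6,   # another idle period follows
    ("S", "L", "Q"): 0.4,   # final idle period, then the burst
    ("Q", "R", "R"): 1.0,   # a burst is two consecutive short gaps
}
UNARY = {
    ("L", "l"): 1.0,
    ("R", "s"): 1.0,
}
START = "S"

def inside_probability(symbols, binary=BINARY, unary=UNARY, start=START):
    """Total probability of `symbols` under the CNF PCFG, summed over all
    parses (CKY-style inside algorithm)."""
    n = len(symbols)
    if n == 0:
        return 0.0
    # chart[i][j] maps nonterminal -> inside probability of symbols[i:j]
    chart = [[defaultdict(float) for _ in range(n + 1)] for _ in range(n + 1)]
    for i, t in enumerate(symbols):
        for (lhs, term), p in unary.items():
            if term == t:
                chart[i][i + 1][lhs] += p
    for span in range(2, n + 1):
        for i in range(0, n - span + 1):
            j = i + span
            cell = chart[i][j]
            for k in range(i + 1, j):
                left, right = chart[i][k], chart[k][j]
                if not left or not right:
                    continue
                for (lhs, a, b), p in binary.items():
                    if a in left and b in right:
                        cell[lhs] += p * left[a] * right[b]
    return chart[0][n].get(start, 0.0)

# Constructed background model: a uniform unigram over the three symbols,
# standing in for "traffic with no timing structure".
BACKGROUND = {"s": 1.0 / 3, "m": 1.0 / 3, "l": 1.0 / 3}

def log_likelihood_ratio(gaps, background=BACKGROUND):
    """log P_pcfg(seq) - log P_background(seq); -inf if the grammar
    cannot generate the sequence at all."""
    symbols = quantise_gaps(gaps)
    p_gram = inside_probability(symbols)
    if p_gram == 0.0:
        return float("-inf")
    log_bg = sum(math.log(background[s]) for s in symbols)
    return math.log(p_gram) - log_bg

def is_suspicious(gaps, threshold=0.0):
    """Flag a flow when the bot grammar explains its timing better than
    the background model by more than `threshold` nats."""
    return log_likelihood_ratio(gaps) > threshold

# Constructed sample flows (inter-packet gaps in seconds).
BEACON_GAPS = [45.0, 60.0, 0.2, 0.3]    # l l s s: two idle periods, then a burst
BROWSING_GAPS = [0.5, 3.0, 40.0, 2.0]   # s m l m: no structure the grammar accepts

if __name__ == "__main__":
    for name, gaps in (("beacon", BEACON_GAPS), ("browsing", BROWSING_GAPS)):
        print(name, quantise_gaps(gaps), log_likelihood_ratio(gaps), is_suspicious(gaps))
```

The inside algorithm sums over every derivation, so a sequence that the grammar can produce in several ways (here, different numbers of idle periods) is scored by its total probability rather than by its single best parse. Comparing against a background model rather than thresholding the raw grammar probability keeps the score from penalising long flows simply for being long.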


Cited By

  • (2019) BOTNET. In: Cyber Security: The Lifeline of Information and Communication Technology, pp. 43-65. DOI: 10.1007/978-3-030-31703-4_4. Online publication date: 18-Oct-2019.


Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
January 2013
282 pages
ISBN: 9781450316873
DOI: 10.1145/2459976

Sponsors

• Los Alamos National Labs
• Sandia National Laboratories
• DOE: Department of Energy
• Oak Ridge National Laboratory
• Lawrence Livermore National Laboratory
• Lawrence Berkeley National Laboratory (BERKELEYLAB)
• Argonne National Lab
• Idaho National Laboratory
• Pacific Northwest National Laboratory
• Nevada National Security Site

Publisher

Association for Computing Machinery, New York, NY, United States


Conference

CSIIRW '13: Cyber Security and Information Intelligence
January 8 - 10, 2013
Oak Ridge, Tennessee, USA

Article Metrics

• Downloads (last 12 months): 4
• Downloads (last 6 weeks): 0
Reflects downloads up to 07 Mar 2025
