Giovanni Bottazzi
Giuseppe F. Italiano
ABSTRACT
Botnets have become one of the most significant cyber threats over the last decade. The diffusion of the "Internet of Things" and its for-profit exploitation, contributed to botnets spread and sophistication, thus providing real, efficient and profitable criminal cyber-services. Recent research on botnet detection focuses on traffic pattern-based detection, and on analyzing the network traffic generated by the infected hosts, in order to find behavioral patterns independent from the specific payloads, architectures and protocols. In this paper we address the periodic behavioral patterns of infected hosts communicating with their Command-and-Control servers. The main novelty introduced is related to the traffic analysis in the frequency domain without using the well-known Fast Fourier Transform. Moreover, the mentioned analysis is performed through the exploitation of the proxy logs, easily deployable on almost every real-world scenario, from enterprise networks to mobile devices.
- G. Gu, J. Zhang, and W. Lee, "Botsniffer: Detecting botnet command and control channels in network traffic", in NDSS, 2008.Google Scholar
- Aditya K. Sood, Rohit Bansal, "Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent", Kaspersky Virus Bulletin, September 2014;Google Scholar
- G. Gu et al., "Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection", in USENIX Security Symposium, 2008, pp. 139--154. Google ScholarDigital Library
- AsSadhan B. et al. "Detecting botnets using command and control traffic", in Network Computing and Applications, 2009. NCA 2009. 8th IEEE International Symposium on. IEEE, 2009. Google ScholarDigital Library
- F. Tegeler et al., "BotFinder: finding bots in network traffic without deep packet inspection.", In Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies (CoNEXT '12), 2012. Google ScholarDigital Library
- P. Tuhin, et al. "Fast-flux botnet detection from network traffic." India Conference (INDICON), 2014 Annual IEEE. IEEE, 2014.Google Scholar
- Kinjal S. Thaker, "Modelling and Detection of Camouflaging Worm at an Advance Level", International Journal of Advanced Research in Computer Science and Software Engineering, Volume 5, Issue 10, October-2015, pp. 758--762.Google Scholar
- Soniya Balram and M. Wilscy, "User Traffic Profile for Traffic Reduction and Effective Bot C&C Detection", International Journal of Network Security, Vol.16, No.1, Jan. 2014, pp.46--52.Google Scholar
- J. Kwon et al., "PsyBoG: Power spectral density analysis for detecting botnet groups", in Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014.Google ScholarCross Ref
- J. Kwon et al., "PsyBoG: A scalable botnet detection method for large-scale DNS traffic", in Computer Networks 97 (2016), pp. 48--73. Google ScholarDigital Library
- G. Giuseppini, M. Burnett, J. Faircloth, D. Kleiman, "Microsoft Log Parser Toolkit: A complete toolkit for Microsoft's undocumented log analysis tool", ISBN-13: 978-1932266528. Google ScholarDigital Library
- G. Bottazzi, G. F. Italiano, "Fast Mining of Large-Scale Logs for Botnet Detection: A Field Study", in Proceedings of the 3rd IEEE International Workshop on Cybercrimes and Emerging Web Environments, Liverpool, UK, October 2015.Google Scholar
- Kaspersky Security Bulletin 2014. Overall Statistics for 2014.Google Scholar
- OTX -- Alien Vault. https://otx.alienvault.com/indicator/ip/208.91.196.145/Google Scholar
- G. Bottazzi et al., "MP-Shield: A Framework for Phishing Detection in Mobile Devices", in Proceedings of the 3rd IEEE International Workshop on Cybercrimes and Emerging Web Environments, Liverpool, UK, October 2015.Google Scholar
Recommendations
A Survey of Botnet and Botnet Detection
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and TechnologiesAmong the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical ...
Classification of Botnet Detection Based on Botnet Architechture
CSNT '12: Proceedings of the 2012 International Conference on Communication Systems and Network TechnologiesNowadays, Botnets pose a major threat to the security of online ecosystems and computing assets. A Botnet is a network of computers which are compromised under the influence of Bot (malware) code. This paper clarifies Botnet phenomenon and discusses ...
Your botnet is my botnet: analysis of a botnet takeover
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securityBotnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is ...
Comments