Detecting Botnets with Tight Command and Control

13 years 10 months ago

Download people.csail.mit.edu

Systems are attempting to detect botnets by examining traffic content for IRC commands or by setting up honeynets. Our approach for detecting botnets is to examine flow characteristics such as bandwidth, duration, and packet timing looking for evidence of botnet command and control activity. We have constructed an architecture that first eliminates traffic that is unlikely to be a part of a botnet, classifies the remaining traffic into a group that is likely to be part of a botnet, then correlates the likely traffic to find common communications patterns that would suggest the activity of a botnet. Our results show that botnet evidence can be extracted from a traffic trace containing almost 9 million flows.

W. Timothy Strayer, Robert Walsh, Carl Livadas, Da

Real-time Traffic

Botnet | LCN 2006 | Likely Traffic | Traffic Content |

claim paper

» BotSniffer Detecting Botnet Command and Control Channels in Network Traffic

» HoneypotAware Advanced Botnet Construction and Maintenance

» Automatically Generating Models for Botnet Detection

» Automatic discovery of botnet communities on largescale communication networks

» Quantitatively Analyzing Stealthy Communication Channels

» BotGrep Finding P2P Bots with Structured Graph Analysis

» Building a Dynamic Reputation System for DNS

» BLAZE A Mobile Agent Paradigm for VoIP Intrusion Detection Systems

Post Info
More Details (n/a)

Added	12 Jun 2010
Updated	12 Jun 2010
Type	Conference
Year	2006
Where	LCN
Authors	W. Timothy Strayer, Robert Walsh, Carl Livadas, David E. Lapsley

Comments (0)

Sciweavers

Detecting Botnets with Tight Command and Control

Botnet | LCN 2006 | Likely Traffic | Traffic Content |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers