Detecting Encrypted Botnet Traffic

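Cited by: 0
Authors
Zhang, Han [1]
Papadopoulos, Christos [1]
Massey, Dan [1]
Affiliations
[1] Colorado State Univ, Dept Comp Sci, Ft Collins, CO 80523 USA
Keywords
DOI
Not available
Chinese Library Classification
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract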
Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
Pages: 3453 / 3458
Page count: 6
Related papers
50 in total
  • [1] Detecting Encrypted Botnet Traffic
    Zhang, Han
    Papadopoulos, Christos
    Massey, Dan
    [J]. 2013 IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (INFOCOM WKSHPS), 2013, : 163 - 168
  • [2] Detecting Encrypted Botnet Traffic Using Spatial-Temporal Correlation
    Wei, Chen
    Le, Yu
    Geng, Yang
    [J]. CHINA COMMUNICATIONS, 2012, 9 (10) : 49 - 59
  • [3] Botnet Protocol Inference in the Presence of Encrypted Traffic
    De Carli, Lorenzo
    Torres, Ruben
    Modelo-Howard, Gaspar
    Tongaonkar, Alok
    Jha, Somesh
    [J]. IEEE INFOCOM 2017 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS, 2017,
  • [4] Detecting botnet by anomalous traffic
    Chen, Chia-Mei
    Lin, Hsiao-Chung
    [J]. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2015, 21 : 42 - 51
  • [5] Detecting HTTP Botnet with Clustering Network Traffic
    Cai, Tao
    Zou, Futai
    [J]. 2012 INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING (WICOM), 2012,
  • [6] Detecting Ransomware in Encrypted Web Traffic
    Modi, Jaimin
    Traore, Issa
    Ghaleb, Asem
    Ganame, Karim
    Ahmed, Sherif
    [J]. FOUNDATIONS AND PRACTICE OF SECURITY, FPS 2019, 2020, 12056 : 345 - 353
  • [7] A framework for detecting botnet command and control communication over an encrypted channel
    Ismail, Zahian
    Jantan, Aman
    Yusoff, Mohd. Najwadi
    [J]. International Journal of Advanced Computer Science and Applications, 2020, 11 (01): : 319 - 326
  • [8] A Framework for Detecting Botnet Command and Control Communication over an Encrypted Channel
    Ismail, Zahian
    Jantan, Aman
    Yusoff, Mohd Najwadi
    [J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2020, 11 (01) : 319 - 326
  • [9] On the Practicality of Detecting Anomalies with Encrypted Traffic in AMI
    Berthier, Robin
    Urbina, David I.
    Cardenas, Alvaro A.
    Guerrero, Michael
    Herberg, Ulrich
    Jetcheva, Jorjeta G.
    Mashima, Daisuke
    Huh, Jun Ho
    Bobba, Rakesh B.
    [J]. 2014 IEEE INTERNATIONAL CONFERENCE ON SMART GRID COMMUNICATIONS (SMARTGRIDCOMM), 2014, : 890 - 895
  • [10] Detecting Encrypted Traffic: A Machine Learning Approach
    Cha, Seunghun
    Kim, Hyoungshick
    [J]. INFORMATION SECURITY APPLICATIONS, WISA 2016, 2017, 10144 : 54 - 65