Detecting Encrypted Botnet Traffic

Cited by: 0
Authors
Zhang, Han [1]
Papadopoulos, Christos [1]
Massey, Dan [1]
Affiliations
[1] Colorado State Univ, Dept Comp Sci, Ft Collins, CO 80523 USA
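Keywords
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract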
Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
Pages: 3453-3458
Number of pages: 6
Related papers
50 in total
  • [21] A Novel Approach for Detecting IoT Botnet Using Balanced Network Traffic Attributes
    Shobana, M.
    Poonkuzhali, Sugumaran
    [J]. SERVICE-ORIENTED COMPUTING, ICSOC 2020, 2021, 12632 : 534 - 548
  • [22] A Botnet Detecting Infrastructure Using a Beneficial Botnet
    Yamanoue, Takashi
    [J]. PROCEEDINGS OF THE 2018 ACM SIGUCCS ANNUAL CONFERENCE (SIGUCCS '18), 2018, : 35 - 42
  • [23] Detecting DGA-Based Botnet with DNS Traffic Analysis in Monitored Network
    Dinh-Tu Truong
    Cheng, Guang
    Jakalan, Ahmad
    Guo, Xiaojun
    Zhou, Aiping
    [J]. JOURNAL OF INTERNET TECHNOLOGY, 2016, 17 (02): : 217 - 230
  • [24] Method of detecting IRC Botnet based on the multi-features of traffic flow
    Yan, Jian-En
    Yuan, Chun-Yang
    Xu, Hai-Yan
    Zhang, Zhao-Xin
    [J]. Tongxin Xuebao/Journal on Communications, 2013, 34 (10): : 49 - 55
  • [25] Feasibility Study of Botnet Detection on Encrypted Data
    Chandrashekar, Prakruti
    Dara, Sashank
    Muralidhara, V. N.
    [J]. 2016 IEEE ANNUAL INDIA CONFERENCE (INDICON), 2016,
  • [26] The effects of feature selection on the classification of encrypted botnet
    Zahian Ismail
    Aman Jantan
    Mohd. Najwadi Yusoff
    Muhammad Ubale Kiru
    [J]. Journal of Computer Virology and Hacking Techniques, 2021, 17 : 61 - 74
  • [27] FastDet: Detecting Encrypted Malicious Traffic Faster via Early Exit
    Sun, Jiakun
    Lu, Jintian
    Wang, Yabo
    Jin, Shuyuan
    [J]. ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, ICA3PP 2023, PT I, 2024, 14487 : 301 - 319
  • [28] The effects of feature selection on the classification of encrypted botnet
    Ismail, Zahian
    Jantan, Aman
    Yusoff, Mohd. Najwadi
    Kiru, Muhammad Ubale
    [J]. JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2021, 17 (01) : 61 - 74
  • [29] Detecting domain-flux botnet based on DNS traffic features in managed network
    Dinh-Tu Truong
    Cheng, Guang
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2016, 9 (14) : 2338 - 2347
  • [30] Detecting Cryptomining Traffic over an Encrypted Proxy Based on K-S Test
    Hu, Xiaoyan
    Lin, Boquan
    Cheng, Guang
    Li, Ruidong
    Wu, Hua
    [J]. ICC 2023-IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, 2023, : 3787 - 3792