Detecting Encrypted Botnet Traffic

Cited by: 0
Authors
Zhang, Han [1]
Papadopoulos, Christos [1]
Massey, Dan [1]
Affiliations
[1] Colorado State Univ, Dept Comp Sci, Ft Collins, CO 80523 USA
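Keywords
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract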
Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
Pages: 3453-3458
Page count: 6