CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis

Cited by: 39
Authors
Dietrich, Christian J. [1 ,3 ]
Rossow, Christian [1 ,2 ]
Pohlmann, Norbert [1 ]
Affiliations
[1] Univ Appl Sci Gelsenkirchen, Inst Internet Secur, D-45877 Gelsenkirchen, Germany
[2] Vrije Univ Amsterdam, Network Inst, Amsterdam, Netherlands
[3] Univ Erlangen Nurnberg, Dept Comp Sci, D-91054 Erlangen, Germany
Keywords
Botnet C&C; Botnet detection; Traffic analysis; Network security;
DOI
10.1016/j.comnet.2012.06.019
CLC classification
TP3 [Computing technology, computer technology]
Subject classification code
0812
Abstract
We present CoCoSpot, a novel approach to recognize botnet command and control channels solely based on traffic analysis features, namely carrier protocol distinction, message length sequences and encoding differences. Thus, CoCoSpot can deal with obfuscated and encrypted C&C protocols and complements current methods to fingerprint and recognize botnet C&C channels. Using average-linkage hierarchical clustering of labeled C&C flows, we show that for more than 20 recent botnets and over 87,000 C&C flows, CoCoSpot can recognize more than 88% of the C&C flows at a false positive rate below 0.1%. (c) 2012 Elsevier B.V. All rights reserved.
Pages: 475 / 486
Page count: 12
Related papers
50 items in total
  • [31] Transaction Clustering Using Network Traffic Analysis for Bitcoin and Derived Blockchains
    Biryukov, Alex
    Tikhomirov, Sergei
    IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (IEEE INFOCOM 2019 WKSHPS), 2019, : 204 - 209
  • [32] Discovering Command and Control (C2) Channels on Tor and Public Networks Using Reinforcement Learning
    Wang, Cheng
    Redino, Christopher
    Rahman, Abdul
    Clark, Ryan
    Radke, Daniel
    Cody, Tyler
    Nandakumar, Dhruv
    Bowen, Edward
    SOUTHEASTCON 2024, 2024, : 427 - 433
  • [33] B-CAT: a model for detecting botnet attacks using deep attack behavior analysis on network traffic flows
    Putra, Muhammad Aidiel Rachman
    Ahmad, Tohari
    Hostiadi, Dandy Pramana
    JOURNAL OF BIG DATA, 2024, 11 (01)
  • [34] Traffic Light Control Using Infinitesimal Perturbation Analysis
    Geng, Yanfeng
    Cassandras, Christos G.
    2012 IEEE 51ST ANNUAL CONFERENCE ON DECISION AND CONTROL (CDC), 2012, : 7001 - 7006
  • [35] Intelligent Traffic Light Control Based on Clustering using Vehicular Ad-hoc Networks
    Rashid, Hossein
    Ashrafi, Mohammad Javad Fazel
    Azizi, Mohsen
    Heydarinezhad, Mohammad Reza
    2015 7TH CONFERENCE ON INFORMATION AND KNOWLEDGE TECHNOLOGY (IKT), 2015,
  • [36] Darknet Traffic Analysis and Classification Using Numerical AGM and Mean Shift Clustering Algorithm
    Niranjana R.
    Kumar V.A.
    Sheen S.
    SN Computer Science, 2020, 1 (1)
  • [37] DBod: Clustering and detecting DGA-based botnets using DNS traffic analysis
    Wang, Tzy-Shiah
    Lin, Hui-Tang
    Cheng, Wei-Tsung
    Chen, Chang-Yu
    COMPUTERS & SECURITY, 2017, 64 : 1 - 15
  • [38] Analysis of traffic accidents on rural highways using Latent Class Clustering and Bayesian Networks
    de Ona, Juan
    Lopez, Griselda
    Mujalli, Randa
    Calvo, Francisco J.
    ACCIDENT ANALYSIS AND PREVENTION, 2013, 51 : 1 - 10
  • [39] Traffic Performance Analysis of Dynamic Merge Control Using Microsimulation
    Jiang, Ximiao
    Bared, Joe
    Maness, Michael
    Hale, David
    TRANSPORTATION RESEARCH RECORD, 2015, (2484) : 23 - 30
  • [40] Comparison and Detection Analysis of Network Traffic Datasets Using K-Means Clustering Algorithm
    Al-Sanjary, Omar Ismael
    Bin Roslan, Muhammad Aiman
    Helmi, Rabab Alayham Abbas
    Ahmed, Ahmed Abdullah
    JOURNAL OF INFORMATION & KNOWLEDGE MANAGEMENT, 2020, 19 (03)