An algorithm for anomaly-based botnet detection

Authors
Binkley, James R. [1 ]
Singh, Suresh [1 ]
Affiliation
[1] Portland State Univ, Dept Comp Sci, Portland, OR 97207 USA
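Keywords
DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract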
We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in channels. We sort the channels by the number of scanners, producing a sorted list of potential botnets. This algorithm has been deployed in PSU's DMZ for over a year and has proven effective in reducing the number of botnet clients.
Pages: 43 / +
Page count: 3