An algorithm for anomaly-based botnet detection

被引:0
|
作者
Binkley, James R. [1 ]
Singh, Suresh [1 ]
机构
[1] Portland State Univ, Dept Comp Sci, Portland, OR 97207 USA
来源
USENIX ASSOCIATION PROCEEDINGS OF THE 2ND WORKSHOP ON STEPS TO REDUCING UNWANTED TRAFFIC ON THE INTERNET | 2006年
关键词
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in channels. We sort the channels by the number of scanners producing a sorted list of potential botnets. This algorithm has been deployed in PSU's DMZ for over a year and has proven effective in reducing the number of botnet clients.
引用
收藏
页码:43 / +
页数:3
相关论文
共 50 条
  • [21] A transparent and scalable anomaly-based DoS detection method
    Joldzic, Ognjen
    Djuric, Zoran
    Vuletic, Pavle
    COMPUTER NETWORKS, 2016, 104 : 27 - 42
  • [22] Anomaly-based intrusion detection using Bayesian networks
    Tylman, Wojciech
    DEPCOS - RELCOMEX 2008: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON DEPENDABILITY OF COMPUTER SYSTEMS, 2008, : 211 - +
  • [23] Virtual Machine Introspection for Anomaly-Based Keylogger Detection
    Huseynov, Huseyn
    Kourai, Kenichi
    Saadawi, Tarek
    Igbe, Obinna
    2020 IEEE 21ST INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE SWITCHING AND ROUTING (IEEE HPSR), 2020,
  • [24] SCADA Networks Anomaly-based Intrusion Detection System
    Almehmadi, Abdulaziz
    11TH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS (SIN 2018), 2018,
  • [25] Anomaly-Based Intrusion Detection Algorithms for Wireless Networks
    Fragkiadakis, Alexandros G.
    Siris, Vasilios A.
    Petroulakis, Nikolaos
    WIRED-WIRELESS INTERNET COMMUNICATIONS, PROCEEDINGS, 2010, 6074 : 192 - 203
  • [26] Unsupervised Anomaly Based Botnet Detection in IoT Networks
    Nomm, Sven
    Bahsi, Hayretdin
    2018 17TH IEEE INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND APPLICATIONS (ICMLA), 2018, : 1048 - 1053
  • [27] Anomaly-Based Network Intrusion Detection Using SVM
    Zhang, Yuan
    Yang, Qinghai
    Lambotharan, Sangarapillai
    Kyriakopoulos, Konstantinos
    Ghafir, Ibrahim
    AsSadhan, Basil
    2019 11TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS AND SIGNAL PROCESSING (WCSP), 2019,
  • [28] Anomaly-based intrusion detection system for IoT application
    Bhavsar M.
    Roy K.
    Kelly J.
    Olusola O.
    Discover Internet of Things, 2023, 3 (01):
  • [29] Feature Selection for Effective Anomaly-Based Intrusion Detection
    Ghali, Noreen I.
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2009, 9 (03): : 285 - 289
  • [30] Anomaly-Based Intrusion Detection of Protocol-Aware Jamming
    Lichtman, Marc
    Reed, Jeffrey H.
    2015 IEEE MILITARY COMMUNICATIONS CONFERENCE (MILCOM 2015), 2015, : 269 - 274
12345