An algorithm for anomaly-based botnet detection

Cited by: 0
Authors
Binkley, James R. [1 ]
Singh, Suresh [1 ]
Affiliation
[1] Portland State Univ, Dept Comp Sci, Portland, OR 97207 USA
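Keywords
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract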
We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in channels. We sort the channels by the number of scanners producing a sorted list of potential botnets. This algorithm has been deployed in PSU's DMZ for over a year and has proven effective in reducing the number of botnet clients.
Pages: 43 / +
Page count: 3