Implementation and evaluation of bot detection scheme based on data transmission intervals

Seiichiro Mizoguchi, Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Botnets are one of the most considerable issues in the world. A host infected with a bot is used for collecting personal information, launching DoS attacks, sending spam e-mail and so on. If such a machine exists in an organizational network, that organization will lose its reputation. We have to detect these bots in organizational networks immediately. Several network-based bot detection methods have been proposed; however, some traditional methods using payload analysis or signature-based detection schemes are undesirable for large amounts of traffic. There is also a privacy issue with looking into payloads, so we have to develop another scheme that is independent of payload analysis. In this paper, we propose a bot detection method which focuses on data transmission intervals. We distinguish human-operated clients and bots by their network behaviors. We assumed that a bot communicates with its C&C server periodically and that each interval of data transmission will be the same. We found that we can detect such behaviors by applying clustering analysis to these intervals. We implemented our proposed algorithm and evaluated it by testing normal IRC traffic and bot traffic captured in our campus network. We found that our method could detect IRC-based bots with low false positives.
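The idea in the abstract, clustering a host's data transmission intervals and flagging hosts whose intervals are nearly all the same, can be sketched as follows. This is an added example, not the authors' algorithm: the single-linkage 1-D clustering, the tolerance, the thresholds and the timestamps are all assumptions constructed for illustration.

```python
from typing import List

def intervals(timestamps: List[float]) -> List[float]:
    """Gaps in seconds between consecutive transmissions of one host."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]

def cluster_intervals(ivals: List[float], tol: float) -> List[List[float]]:
    """1-D single-linkage clustering (assumed method): sorted neighbours
    no further apart than tol seconds fall into the same cluster."""
    clusters: List[List[float]] = []
    for v in sorted(ivals):
        if clusters and v - clusters[-1][-1] <= tol:
            clusters[-1].append(v)
        else:
            clusters.append([v])
    return clusters

def dominant_share(timestamps: List[float], tol: float = 1.0) -> float:
    """Fraction of intervals that land in the largest cluster."""
    ivals = intervals(timestamps)
    if not ivals:
        return 0.0
    return max(len(c) for c in cluster_intervals(ivals, tol)) / len(ivals)

def looks_periodic(timestamps: List[float], tol: float = 1.0,
                   min_share: float = 0.8, min_intervals: int = 5) -> bool:
    """Flag a host when one interval cluster dominates (assumed thresholds).
    Hosts with too few observations are never flagged."""
    if len(intervals(timestamps)) < min_intervals:
        return False
    return dominant_share(timestamps, tol) >= min_share

# Constructed sample data (seconds since first packet), not from the paper.
BOT_TS = [0.0, 60.1, 120.0, 180.2, 239.9, 300.0, 360.1, 420.0]      # ~60 s beacon with jitter
BOT_MISSED_TS = [0.0, 60.0, 120.0, 240.0, 300.0, 360.0, 420.0, 480.0]  # one beacon lost
HUMAN_TS = [0.0, 3.2, 41.0, 44.5, 130.7, 131.9, 410.3, 415.0]       # bursty chat traffic

if __name__ == "__main__":
    for name, ts in [("bot", BOT_TS), ("bot, one miss", BOT_MISSED_TS), ("human", HUMAN_TS)]:
        print(f"{name}: share={dominant_share(ts):.2f} periodic={looks_periodic(ts)}")
```

Only packet timestamps are used, so no payload is inspected; the tolerance and share threshold trade missed jittered beacons against false positives on clients that send automated keep-alives.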

Original language: English
Title of host publication: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010
Pages: 73-78
Number of pages: 6
Publication status: Published - Dec 1 2010
Event: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010 - Kyoto, Japan
Duration: Oct 5 2010 → Oct 5 2010

Publication series

Name: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010

Other

Other: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010
Country/Territory: Japan
City: Kyoto
Period: 10/5/10 → 10/5/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
