Author

Maryam Feily

Bio: Maryam Feily is an academic researcher from Universiti Sains Malaysia. The author has contributed to research in the topics of overlay networks and botnets. The author has an h-index of 5 and has co-authored 8 publications receiving 383 citations.

Papers
Proceedings ArticleDOI
18 Jun 2009
TL;DR: A survey of botnets and botnet detection techniques is presented, which clarifies the botnet phenomenon, discusses botnet detection techniques, summarizes the detection techniques in each class and provides a brief comparison.
Abstract: Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security, as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has become an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnets and botnet detection. The survey clarifies the botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-based. It summarizes the botnet detection techniques in each class and provides a brief comparison of botnet detection techniques.

356 citations

Proceedings ArticleDOI
13 Nov 2009
TL;DR: The proposed flow-based botnet detection system tackles these issues by combining data mining and visualization: anomalous flows are re-evaluated by trust models and the results are aggregated to detect malicious traffic via visualization.
Abstract: Botnets are among the most recent tools used in cyber-crime, including Distributed Denial of Service attacks, phishing, spamming, and spying on remote computers. These days, governments, businesses, and individuals are facing catastrophic damages caused by hackers using malicious botnets. It is a major challenge for the cyber-security research community to combat the emerging threat of botnets. Current network intrusion detection methods based on anomaly detection approaches suffer from fairly high error rates and low performance. The proposed flow-based botnet detection system tackles these issues by combining data mining and visualization. The anomalous data is passed to several trust models, and the flows are re-evaluated to obtain their trustfulness, which is then aggregated to detect malicious traffic via visualization. The visualized information is then analyzed using human intellectual and conceptual ability to gain useful knowledge about botnet activities for further precaution and validation.

29 citations

Proceedings ArticleDOI
18 Jul 2010
TL;DR: This approach assists security personnel with a visual security tool to mitigate botnet threats by discovering invariant botnet behaviors during the benign state of a botnet in small to medium-sized networks.
Abstract: Botnets are emerging as the most significant threat facing online ecosystems and computing assets due to their enormous volume and sheer power. It is a major challenge for the cyber-security research community to combat the emerging threat of botnets. Most useful approaches for botnet traffic detection are based on passive network traffic monitoring and analysis. Nevertheless, typical network traffic generates a huge amount of data for analysis. In addition, the poor user interfaces of the existing tools lead to insufficient utilization of the captured data and do not consider the utilization of human intellectual capability. The proposed visual network monitoring system tackles these issues by adopting proper visualization techniques. The proposed visualization techniques enhance the visibility of network traffic related to invariant bot behaviors and provide notification of bot existence without distracting the user with huge volumes of data. The visual illustration of typical bot behavior improves the botnet traffic detection process by engaging human perception capabilities. This approach assists security personnel with a visual security tool to mitigate botnet threats by discovering invariant botnet behaviors during the benign state of a botnet in small to medium-sized networks. Moreover, the user-friendly interface of this system is interactive, flexible, and easy to use.

7 citations

Book ChapterDOI
25 May 2011
TL;DR: Three different classes of Fluid content distribution models, namely the Fluid model with scheduling, with backpressure and with encoding, are investigated and compared based on download time as a critical performance metric in peer-to-peer overlay networks.
Abstract: Recently, overlay networks have been used to serve high-concurrency applications ranging from live streaming to reliable delivery of popular content. Compared to traditional communication mechanisms, overlay networks offer an enhanced alternative for content delivery in terms of flexibility, scalability, and ease of deployment. The content distribution process in overlay networks is facilitated by leveraging the uploading capacity of the receiving nodes. Content distribution in overlay networks is generally based on the Chunk and Fluid models. The Fluid model provides continuous transfer of the content from the source to multiple receivers. However, deploying the Fluid model in heterogeneous peer-to-peer overlay networks requires special consideration due to the incorporation of tightly coupled connections between adjacent peers. The aim of this paper is to study the performance of different Fluid content distribution models for peer-to-peer overlay networks. This paper investigates three different classes of Fluid content distribution models: the Fluid model with scheduling, with backpressure and with encoding. Moreover, the performance of the Fluid model with backpressure and with encoding has been evaluated and compared based on download time as a critical performance metric in peer-to-peer overlay networks. The performance tests have been carried out by real implementation tests over “PlanetLab”.

6 citations

Proceedings ArticleDOI
01 Nov 2012
TL;DR: This visual approach can assist security personnel in proactively detecting invariant bot behaviors and botnet activities during the benign state of a botnet by providing a graphical, user-friendly interface.
Abstract: Due to the sharp rise in computer network attacks through botnets, current security monitoring tools will be insufficient for effective botnet traffic detection. In fact, most of the existing tools are text-based, and there is a lack of an effective user-friendly interface that can facilitate detection of botnet traffic in large datasets. Moreover, most of these tools are based on reactive approaches and will be triggered only after an attack is detected. Therefore, enhancement of botnet traffic detection is highly demanded. Knowledge discovery through information visualization is an avenue to solve these issues effectively. The aim of this research is to propose a proactive approach by adopting proper visualization techniques to increase the visibility of network traffic related to invariant bot behavior and botnet activities. The visualization techniques used in this research consist of graphs, scatter plots, and histograms. These visualization techniques are easy to interpret and good for visualizing large datasets. By adopting these techniques for invariant bot behavior visualization, it is possible to provide visual notification of bot existence in a network without distracting the user with huge volumes of data. In fact, the visual illustration of typical bot behavior improves the botnet traffic detection process by engaging human perception and intellectual capabilities. Overall, this visual approach can assist security personnel in proactively detecting invariant bot behaviors and botnet activities during the benign state of a botnet by providing a graphical, user-friendly interface. Exploiting the visual information, human analysts and security personnel will be able to gain more insight into their networks, leading to correct decisions in critical situations and preventing catastrophic botnet attacks.

5 citations


Cited by
Journal ArticleDOI
TL;DR: An overview of the most exploited vulnerabilities in existing hardware, software, and network layers is presented, and critiques of existing state-of-the-art mitigation techniques, explaining why they do or do not work, are described.

523 citations

Journal ArticleDOI
TL;DR: A comprehensive review is presented that broadly discusses the botnet problem, briefly summarizes the previously published studies, and supplements these with a wide-ranging discussion of recent works and solution proposals spanning the entire botnet research field.

368 citations

Journal ArticleDOI
TL;DR: This paper shows experimentally that it is possible to identify the presence of existing and unknown botnets activity with high accuracy even with very small time windows by classifying behavior based on time intervals.

301 citations

Proceedings ArticleDOI
29 Dec 2014
TL;DR: This paper revisits flow-based features employed in existing botnet detection studies, evaluates their relative effectiveness, and creates a dataset containing a diverse set of botnet traces and background traffic.
Abstract: Botnets, as one of the most formidable cyber security threats, are becoming more sophisticated and resistant to detection. In spite of the specific behaviors each botnet has, there exist adequate similarities inside each botnet that separate its behavior from benign traffic. Several botnet detection systems have been proposed based on these similarities. However, offering a solution for differentiating botnet traffic (even traffic using the same protocol, e.g. IRC) from normal traffic is not trivial. Extraction of features at either the host or the network level to model a botnet has been one of the most popular methods in botnet detection. A subset of features, usually selected based on some intuitive understanding of botnets, is used by machine learning algorithms to classify/cluster botnet traffic. These approaches, tested against two or three botnet traces, have mostly shown satisfactory detection results. Even so, their effectiveness in the detection of other botnets or real traffic remains in doubt. Additionally, the effectiveness of different combinations of features in terms of providing more detection coverage has not been fully studied. In this paper we revisit flow-based features employed in the existing botnet detection studies and evaluate their relative effectiveness. To ensure a proper evaluation we create a dataset containing a diverse set of botnet traces and background traffic.

219 citations

Journal ArticleDOI
TL;DR: This survey presents a comprehensive overview of DDoS attacks, their causes, types with a taxonomy, and technical details of various attack launching tools.
Abstract: Threats of distributed denial of service (DDoS) attacks have been increasing day by day due to the rapid development of computer networks and associated infrastructure, and millions of software applications, large and small, addressing all varieties of tasks. Botnets pose a major threat to network security as they are widely used for many Internet crimes such as DDoS attacks, identity theft, email spamming, and click fraud. Botnet-based DDoS attacks are catastrophic to the victim network as they can exhaust both the network bandwidth and the resources of the victim machine. This survey presents a comprehensive overview of DDoS attacks, their causes, their types with a taxonomy, and technical details of various attack launching tools. A detailed discussion of several botnet architectures, tools developed using botnet architectures, and a pros and cons analysis are also included. Furthermore, a list of important issues and research challenges is also reported.

206 citations