Journal ArticleDOI
A fuzzy pattern-based filtering algorithm for botnet detection
TLDR
A behavior-based botnet detection system built on fuzzy pattern recognition techniques that reduces the input raw packet traces by more than 70% while achieving a high detection rate; the proposed FPRF algorithm is resource-efficient and can also identify inactive botnets, which indicates potentially vulnerable hosts.
About:
This article is published in Computer Networks. The article was published on 2011-10-01. It has received 83 citations till now. The article focuses on the topics: Botnet & Network security.
Citations
Journal ArticleDOI
A survey of botnet detection based on DNS
TL;DR: This paper is the first survey to discuss DNS-based botnet detection techniques; it explores and clarifies the problems, existing solutions and future research directions in the field of botnet detection based on DNS traffic analysis, toward effective botnet detection mechanisms in the future.
Journal ArticleDOI
Botnet detection via mining of traffic flow characteristics
G. Kirubavathi,R. Anitha +1 more
TL;DR: A novel approach to detect botnets irrespective of their structure, based on network traffic flow behavior analysis and machine learning techniques, is proposed; it can successfully detect various types of botnets with a high detection rate and a low false positive rate.
Journal ArticleDOI
An efficient reinforcement learning-based Botnet detection approach
Mohammad Alauthman,Nauman Aslam,Mouhammd Alkasassbeh,Suleman Khan,Ahmad Al-Qerem,Kim-Kwang Raymond Choo +5 more
TL;DR: A sophisticated traffic reduction mechanism integrated with a reinforcement learning technique is proposed, which achieves a relatively low false positive rate and a detection rate of 98.3%.
Journal ArticleDOI
Benchmarking the Effect of Flow Exporters and Protocol Filters on Botnet Traffic Classification
TL;DR: A study on the effect (if any) of the feature sets of network traffic flow exporters on the performance of botnet traffic classification indicates that the choice of flow exporter and protocol filter indeed has an effect on the performance of botnet traffic classification.
Journal ArticleDOI
Issues and challenges in DNS based botnet detection: A survey
TL;DR: This survey presents a new classification for DNS-based botnet detection techniques and provides a deep analysis of each technique within the category.
References
Proceedings Article
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
Guofei Gu,Junjie Zhang,Wenke Lee +2 more
TL;DR: This paper proposes an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses, and shows that BotSniffer can detect real-world botnets with high accuracy and a very low false positive rate.
Proceedings ArticleDOI
Transport layer identification of P2P traffic
TL;DR: In this article, the authors developed a systematic methodology to identify P2P flows at the transport layer, i.e., based on connection patterns of peer-to-peer networks, without relying on packet payload.
Proceedings Article
Effective and efficient malware detection at the end host
Clemens Kolbitsch,Paolo Milani Comparetti,Christopher Kruegel,Engin Kirda,Xiaoyong Zhou,XiaoFeng Wang +5 more
TL;DR: A novel malware detection approach is proposed that is both effective and efficient, and thus, can be used to replace or complement traditional antivirus software at the end host.
Proceedings ArticleDOI
Using Machine Learning Techniques to Identify Botnet Traffic
TL;DR: This paper presents work on using machine learning-based classification techniques to identify the command and control (C2) traffic of IRC-based botnets, i.e. compromised hosts that are collectively commanded using Internet Relay Chat (IRC).
Proceedings ArticleDOI
Botnet Detection by Monitoring Group Activities in DNS Traffic
TL;DR: This paper proposes a botnet detection mechanism that monitors DNS traffic for the group activity formed by DNS queries sent simultaneously by distributed bots; the approach is more robust than previous ones.