2018 | Original Paper | Book Chapter

A New Scalable Botnet Detection Method in the Frequency Domain

Authors: Giovanni Bottazzi, Giuseppe F. Italiano, Giuseppe G. Rutigliano

Published in: Cyber Criminology

Publisher: Springer International Publishing


Abstract

Botnets have become one of the most significant cyber threats of the last decade. The spread of the "Internet of Things" and its for-profit exploitation have contributed to the diffusion and sophistication of botnets, which now provide real, efficient and profitable criminal cyber-services. Recent research on botnet detection focuses on traffic-pattern-based detection: it analyses the network traffic generated by infected hosts in order to find malicious behaviour regardless of the specific payload, architecture and protocol. In this chapter we address the periodic behaviour of infected hosts communicating with their Command-and-Control (C2) servers. We introduce an effective, fast and scalable approach based on layer-5 traffic analysis in the frequency domain, without using the well-known Fast Fourier Transform. The analysis was performed on the logs of a large corporate network and tested on real malware samples, in order to demonstrate its applicability in almost every practical scenario.
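The abstract only states that C2 beaconing is found by analysing application-level log periodicity in the frequency domain without an FFT; it does not give the chapter's algorithm. The following is an added illustration, not the authors' method and not code from the chapter: it bins per-(client, destination) request counts from proxy-style log lines and evaluates the discrete Fourier transform directly at each candidate bin (an O(N) sum per frequency, so no FFT is needed when only a few periods are of interest), then flags pairs whose spectrum has a single dominant peak. The log format, IP addresses, hostnames, bin size, window length and the score threshold are all assumptions, and the log lines are constructed.

```python
import cmath
import math
from collections import defaultdict

# Constructed sample proxy log lines (not taken from the chapter). The format
# is a deliberately simplified "epoch_seconds client_ip destination_host";
# a real proxy log carries more fields, but these three are all that is needed.
BASE = 1_700_000_000  # arbitrary epoch origin for the sample


def make_sample_log():
    lines = []
    # Infected host (assumed): one request to its C2 every 60 s for 40 minutes.
    for k in range(40):
        lines.append(f"{BASE + 60 * k} 10.0.0.5 c2.example.test")
    # Human-driven host (assumed): bursts of irregular requests to a news site.
    for t in (3, 17, 25, 90, 95, 96, 301, 302, 640, 700,
              1200, 1205, 1900, 2100, 2107, 2300):
        lines.append(f"{BASE + t} 10.0.0.9 news.example.test")
    return lines


BIN_SECONDS = 10        # assumption: sampling interval of the count series
WINDOW_SECONDS = 2400   # assumption: 40-minute analysis window
SCORE_THRESHOLD = 10.0  # assumption: peak/mean spectral ratio that flags a pair


def bin_series(lines, bin_seconds=BIN_SECONDS, window_seconds=WINDOW_SECONDS):
    """Count requests per (client, host) in fixed time bins -> {pair: [counts]}."""
    records = []
    for line in lines:
        ts, client, host = line.split()
        records.append((int(ts), client, host))
    t0 = min(ts for ts, _, _ in records)
    nbins = window_seconds // bin_seconds
    series = defaultdict(lambda: [0] * nbins)
    for ts, client, host in records:
        idx = (ts - t0) // bin_seconds
        if 0 <= idx < nbins:
            series[(client, host)][idx] += 1
    return dict(series)


def dft_power(x, k):
    """|X_k|^2 of the mean-removed series, evaluated directly in O(N).

    Removing the mean zeroes the DC term so it cannot dominate the peak."""
    n = len(x)
    mean = sum(x) / n
    acc = sum((v - mean) * cmath.exp(-2j * math.pi * k * i / n)
              for i, v in enumerate(x))
    return abs(acc) ** 2


def periodicity_score(x, bin_seconds=BIN_SECONDS):
    """Return (peak/mean power ratio, estimated period in seconds).

    A regular beacon concentrates its power in one bin (plus harmonics);
    human browsing spreads it across the whole spectrum."""
    n = len(x)
    ks = range(1, n // 2 + 1)
    powers = [dft_power(x, k) for k in ks]
    mean_power = sum(powers) / len(powers)
    if mean_power == 0.0:
        return 0.0, None
    peak = max(powers)
    # Harmonics of an exact comb carry the same power as the fundamental;
    # take the lowest bin within 1% of the peak so the fundamental wins.
    k_fund = min(k for k in ks if powers[k - 1] >= 0.99 * peak)
    return peak / mean_power, (n / k_fund) * bin_seconds


def detect_beacons(lines, threshold=SCORE_THRESHOLD):
    """Flag (client, host) pairs whose request timing is strongly periodic."""
    flagged = {}
    for pair, x in bin_series(lines).items():
        score, period = periodicity_score(x)
        if score >= threshold:
            flagged[pair] = (round(score, 2), period)
    return flagged


if __name__ == "__main__":
    for pair, (score, period) in detect_beacons(make_sample_log()).items():
        print(f"{pair[0]} -> {pair[1]}: score={score}, period={period:.0f}s")
```

On the sample, the 60-second beacon produces a spectral peak exactly 40 times the mean candidate-bin power and an estimated period of 60 s, while the irregular browsing stays below the threshold (with 16 requests in 240 bins its peak/mean ratio cannot exceed about 9.5 by Parseval's theorem). Two caveats a practitioner should keep in mind: legitimate pollers (update checks, mail clients, monitoring agents) show the same signature, so the destination must be baselined or allow-listed before an alert is raised; and malware that randomises its sleep interval smears the peak across neighbouring bins, lowering the score, so the threshold has to be tuned against known samples rather than fixed in advance.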


Metadata
Title
A New Scalable Botnet Detection Method in the Frequency Domain
Authors
Giovanni Bottazzi
Giuseppe F. Italiano
Giuseppe G. Rutigliano
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-97181-0_7