An enhanced model for network flow based botnet detection

Author(s)
Wijesinghe, Udaya
Tupakula, Udaya
Varadharajan, Vijay
Publication Date
2015
Abstract
A botnet is a group of hijacked computers employed under a command and control mechanism administered by a botmaster. Botnets have evolved from IRC-based centralized designs to common protocols such as HTTP with decentralized architectures, and then to peer-to-peer designs. As botnets have become more sophisticated, the need for advanced techniques and research against them has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. We also make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lower overhead and are vendor neutral.
Citation
Proceedings of the 38th Australasian Computer Science Conference (ACSC 2015), p. 101-110
ISBN
9781921770418
ISSN
1445-1336
Language
en
Publisher
Australian Computer Society Inc
Title
An enhanced model for network flow based botnet detection
Type of document
Conference Publication
Entity Type
Publication
