Conference papers

BotInfer: A Bot Inference Approach by Correlating Host and Network Information

Abstract : Botnets are widely used in cyber-attacks and have become a serious threat to network security. Existing approaches can detect botnets effectively in certain environments; however, problems remain when host-based or network-based detection approaches are used separately, such as the robustness of detection tools, difficulties in global deployment and a low precision rate. To solve these problems, a novel detection approach called BotInfer is proposed. In the BotInfer approach, host-based bot detection tools are deployed on some of the hosts; the network flow of all the hosts is captured and analyzed; and the host detection results and flow information are correlated by the bot inference engine. In the experiments, BotInfer can effectively detect the hosts in the network. When the deployment rate of bot detection tools in the network reaches 80%, the precision rate of the hosts with detection tools is about 99%, and the precision rate of the hosts without detection tools is about 86%.
Document type : Conference papers

Cited literature [16 references]

https://hal.inria.fr/hal-01513770
Contributor : Hal Ifip
Submitted on : Tuesday, April 25, 2017 - 2:33:36 PM
Last modification on : Tuesday, April 25, 2017 - 2:35:49 PM
Long-term archiving on : Wednesday, July 26, 2017 - 2:10:22 PM

File

978-3-642-40820-5_30_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Yukun He, Qiang Li, Yuede Ji, Dong Guo. BotInfer: A Bot Inference Approach by Correlating Host and Network Information. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. pp.356-367, ⟨10.1007/978-3-642-40820-5_30⟩. ⟨hal-01513770⟩

Metrics

Record views : 81

Files downloads : 264