BotInfer: A Bot Inference Approach by Correlating Host and Network Information - Archive ouverte HAL Access content directly
Conference Papers Year : 2013

BotInfer: A Bot Inference Approach by Correlating Host and Network Information

(1) , (1) , (1) , (1)
1

Abstract

Botnet is widely used in cyber-attacks and becomes a serious threat to network security. Existing approaches can detect botnet effectively in certain environments, however problems still exist in using host or network detection approaches respectively, such as robustness in detection tools, difficulties in global deployment and low precision rate. To solve the above problems, a novel detection approach called BotInfer is proposed. In BotInfer approach, host-based bot detection tools are deployed on some of the hosts; network flow of all the hosts is captured and analyzed; host detection result and flow information are correlated by the bot inference engine. Through the experiments, BotInfer can effectively detect the hosts in the network. When the deployment rate of bot detection tools in the network reaches 80%, the precision rate of the hosts with detection tools is about 99%, and the precision rate of the hosts without detection tools is about 86%.
Fichier principal
Vignette du fichier
978-3-642-40820-5_30_Chapter.pdf (904.68 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01513770 , version 1 (25-04-2017)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Yukun He, Qiang Li, Yuede Ji, Dong Guo. BotInfer: A Bot Inference Approach by Correlating Host and Network Information. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. pp.356-367, ⟨10.1007/978-3-642-40820-5_30⟩. ⟨hal-01513770⟩
33 View
108 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More