BotInfer: A Bot Inference Approach by Correlating Host and Network Information - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2013

BotInfer: A Bot Inference Approach by Correlating Host and Network Information

Résumé

Botnet is widely used in cyber-attacks and becomes a serious threat to network security. Existing approaches can detect botnet effectively in certain environments, however problems still exist in using host or network detection approaches respectively, such as robustness in detection tools, difficulties in global deployment and low precision rate. To solve the above problems, a novel detection approach called BotInfer is proposed. In BotInfer approach, host-based bot detection tools are deployed on some of the hosts; network flow of all the hosts is captured and analyzed; host detection result and flow information are correlated by the bot inference engine. Through the experiments, BotInfer can effectively detect the hosts in the network. When the deployment rate of bot detection tools in the network reaches 80%, the precision rate of the hosts with detection tools is about 99%, and the precision rate of the hosts without detection tools is about 86%.
Fichier principal
Vignette du fichier
978-3-642-40820-5_30_Chapter.pdf (904.68 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01513770 , version 1 (25-04-2017)

Licence

Paternité

Identifiants

Citer

Yukun He, Qiang Li, Yuede Ji, Dong Guo. BotInfer: A Bot Inference Approach by Correlating Host and Network Information. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. pp.356-367, ⟨10.1007/978-3-642-40820-5_30⟩. ⟨hal-01513770⟩
39 Consultations
112 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More