BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows

Abstract: Botnets are among the most dangerous cybersecurity threats because they are a major vector for large-scale attack campaigns such as phishing, distributed denial-of-service (DDoS) attacks, trojan distribution and spam. A large body of research exists on botnet detection, but recent security incidents show that several challenges remain, such as building detectors that can cope with new types of botnets. In this paper, we propose BotGM, a new approach to detecting botnet activity based on behavioral analysis of network traffic flows. BotGM characterizes network traffic behavior with graph-based mining techniques in order to detect botnet behaviors, and models the dependencies among flows so that root causes can then be traced back. We applied BotGM to a publicly available large dataset of botnet network flows, where it detects various botnet behaviors with high accuracy and without any prior knowledge of them.
Document type:
Conference paper
CSNet 2017 - 1st Cyber Security in Networking Conference, Oct 2017, Rio de Janeiro, Brazil
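The abstract describes the general idea of building graphs from traffic flows, mining them for behavior, and using flow dependencies to trace a detection back to its cause. The following is an added illustration of that idea and is not BotGM's code or method: each source host gets a directed "flow dependency" graph whose nodes are (destination port, protocol) pairs and whose edges link consecutive flows from that host; hosts whose graph is far from every other host's graph, measured by Jaccard distance on edge sets, are flagged without any labels, and the edges unique to a flagged host are reported as the trace-back. The flow records, IP addresses, the choice of node and edge definitions, and the median/MAD threshold are all assumptions made for this example.

```python
"""Unsupervised flow-graph outlier detection over constructed NetFlow-style records.

Added example, not the BotGM implementation. Flows are (timestamp, src_ip, dst_ip,
dst_port, proto). Per-host graphs are compared pairwise; hosts far from all others
are flagged and their unique edges are returned as the root-cause trace.
"""
from collections import defaultdict
from statistics import median


def _seq(src, steps):
    """Expand a constructed per-host sequence of (dst_ip, dst_port, proto) into flows."""
    return [(t, src, dst, port, proto) for t, (dst, port, proto) in enumerate(steps)]


# Constructed sample traffic (assumed, not real data): four hosts show ordinary
# DNS -> HTTPS -> HTTP sequences; 10.0.0.9 alternates contacts to an assumed C2 on
# the IRC port with SMB probes of its neighbours.
DNS = ("10.0.0.53", 53, "udp")
WEB = ("93.184.216.34", 443, "tcp")
HTTP = ("93.184.216.34", 80, "tcp")
C2 = ("198.51.100.7", 6667, "tcp")


def smb(i):
    return (f"10.0.0.{i}", 445, "tcp")


FLOWS = (
    _seq("10.0.0.1", [DNS, WEB, HTTP, DNS, WEB, HTTP])
    + _seq("10.0.0.2", [DNS, WEB, HTTP, HTTP, DNS, WEB])
    + _seq("10.0.0.3", [DNS, WEB, DNS, WEB, HTTP])
    + _seq("10.0.0.4", [DNS, WEB, HTTP, DNS, WEB])
    + _seq("10.0.0.9", [DNS, C2, smb(10), smb(11), smb(12), C2, smb(13), smb(14), C2])
)


def flow_node(flow):
    """Graph node for a flow: destination port and protocol, e.g. '443/tcp'."""
    return f"{flow[3]}/{flow[4]}"


def build_host_graphs(flows):
    """Return {src_ip: set of (node, next_node)} edges from time-ordered flows per host."""
    by_src = defaultdict(list)
    for flow in sorted(flows, key=lambda f: f[0]):
        by_src[flow[1]].append(flow_node(flow))
    return {src: set(zip(seq, seq[1:])) for src, seq in by_src.items()}


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; two empty edge sets are treated as identical."""
    union = a | b
    return 1.0 - len(a & b) / len(union) if union else 0.0


def score_hosts(graphs):
    """Mean graph distance from each host to every other host."""
    hosts = list(graphs)
    scores = {}
    for h in hosts:
        dists = [jaccard_distance(graphs[h], graphs[o]) for o in hosts if o != h]
        scores[h] = sum(dists) / len(dists) if dists else 0.0
    return scores


def flag_outliers(scores, k=3.0, mad_floor=0.05):
    """Flag hosts whose score exceeds median + k * MAD (MAD floored so a population
    of near-identical hosts does not flag everything slightly above the median)."""
    vals = list(scores.values())
    med = median(vals)
    mad = median(abs(v - med) for v in vals)
    threshold = med + k * max(mad, mad_floor)
    return sorted(h for h, s in scores.items() if s > threshold)


def unique_edges(graphs, host):
    """Edges of `host` that no other host's graph contains: the trace-back evidence."""
    others = set().union(*(g for h, g in graphs.items() if h != host))
    return sorted(graphs[host] - others)


def detect(flows, k=3.0):
    """Run the pipeline; return {flagged_host: [unique edges]}."""
    graphs = build_host_graphs(flows)
    flagged = flag_outliers(score_hosts(graphs), k=k)
    return {h: unique_edges(graphs, h) for h in flagged}


if __name__ == "__main__":
    for host, edges in detect(FLOWS).items():
        print(host, "flagged; edges seen on no other host:", edges)
```

On the constructed flows the four ordinary hosts sit within 0.65 of each other on average while 10.0.0.9 scores 1.0 and is the only host flagged; the trace-back lists the DNS to IRC-port and IRC-port to SMB transitions that no other host exhibits. Real deployments would need a node definition that survives port randomization and a time window, both of which this example leaves out.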

Cited literature: 32 references

https://hal.inria.fr/hal-01636480
Contributor: Jérôme François
Submitted on: Thursday 16 November 2017 - 16:03:10
Last modified on: Friday 1 December 2017 - 01:14:53

File

botgm-csnet.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01636480, version 1

Citation

Sofiane Lagraa, Jerome Francois, Abdelkader Lahmadi, Marine Miner, Christian Hammerschmidt, et al.. BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows. CSNet 2017 - 1st Cyber Security in Networking Conference, Oct 2017, Rio de Janeiro, Brazil. 〈hal-01636480〉

Metrics

Record views: 67
File downloads: 50