BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows - Archive ouverte HAL Access content directly
Conference Papers Year :

BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows

(1) , (1, 2) , (1, 3, 4) , (5) , (2) , (2)
1
2
3
4
5

Abstract

Botnets are one of the most dangerous and serious cybersecurity threats since they are a major vector of large-scale attack campaigns such as phishing, distributed denial-of-service (DDoS) attacks, trojans, spams, etc. A large body of research has been accomplished on botnet detection, but recent security incidents show that there are still several challenges remaining to be addressed, such as the ability to develop detectors which can cope with new types of botnets. In this paper, we propose BotGM, a new approach to detect botnet activities based on behavioral analysis of network traffic flow. BotGM identifies network traffic behavior using graph-based mining techniques to detect botnets behaviors and model the dependencies among flows to trace-back the root causes then. We applied BotGM on a publicly available large dataset of Botnet network flows, where it detects various botnet behaviors with a high accuracy without any prior knowledge of them.
Fichier principal
Vignette du fichier
botgm-csnet.pdf (412.43 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01636480 , version 1 (16-11-2017)

Identifiers

  • HAL Id : hal-01636480 , version 1

Cite

Sofiane Lagraa, Jerome Francois, Abdelkader Lahmadi, Marine Minier, Christian Hammerschmidt, et al.. BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows. CSNet 2017 - 1st Cyber Security in Networking Conference, Oct 2017, Rio de Janeiro, Brazil. ⟨hal-01636480⟩
649 View
1215 Download

Share

Gmail Facebook Twitter LinkedIn More