BotTrack: Tracking Botnets Using NetFlow and PageRank

Abstract: With large-scale botnets emerging as one of the major current threats, the automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. Faced with high-speed network connections, detecting botnets must be efficient and accurate. This paper proposes a novel approach for this task, where NetFlow-related data is correlated and a host dependency model is leveraged for advanced data mining purposes. We extend the popular linkage analysis algorithm PageRank with an additional clustering process in order to efficiently detect stealthy botnets using peer-to-peer communication infrastructures and not exhibiting large volumes of traffic. The key conceptual component in our approach is to analyze communication behavioral patterns and to infer potential botnet activities.
Document type:
Conference paper
Jordi Domingo-Pascual; Pietro Manzoni; Sergio Palazzo; Ana Pont; Caterina Scoglio. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. Springer, Lecture Notes in Computer Science, LNCS-6640 (Part I), pp.1-14, 2011, NETWORKING 2011. 〈10.1007/978-3-642-20757-0_1〉

Cited literature [37 references]

https://hal.inria.fr/inria-00613597
Contributor: Jérôme François
Submitted on: Friday, August 5, 2011 - 10:30:33
Last modified on: Friday, September 8, 2017 - 09:09:21
Document(s) archived on: Monday, November 12, 2012 - 15:10:55

File

networking11CR.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Jérôme François, Shaonan Wang, Radu State, Thomas Engel. BotTrack: Tracking Botnets Using NetFlow and PageRank. Jordi Domingo-Pascual; Pietro Manzoni; Sergio Palazzo; Ana Pont; Caterina Scoglio. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. Springer, Lecture Notes in Computer Science, LNCS-6640 (Part I), pp.1-14, 2011, NETWORKING 2011. 〈10.1007/978-3-642-20757-0_1〉. 〈inria-00613597〉

Metrics

Record views

365

File downloads

2060