    An anomaly-based botnet detection approach for identifying stealthy botnets

    Article; ICCAIE 2011 - 2011 IEEE Conference on Computer Applications and Industrial Electronics; 2011; Pages 564-569; 9781457720581 (ISBN); Arshad, S; Abbaspour, M; Kharrazi, M; Sanatkar, H; IEEE Malaysia; IEEE Malaysia Power Electron. (PEL)/Ind. Electron. (IE)/Ind. Appl. (IA) Jt. Chapter; IEEE Engineering in Medicine and Biology Malaysia Chapter; Sharif University of Technology
    Abstract
    Botnets (networks of compromised computers) are often used for malicious activities such as spam, click fraud, identity theft, phishing, and distributed denial of service (DDoS) attacks. Most previous research has introduced fully or partially signature-based botnet detection approaches. In this paper, we propose a fully anomaly-based approach that requires no a priori knowledge of bot signatures, botnet C&C protocols, and C&C server addresses. We start from inherent characteristics of botnets. Bots connect to the C&C channel and execute the received commands. Bots belonging to the same botnet receive the same commands, which causes them to have similar netflow characteristics and...