English  |  正體中文  |  简体中文  |  Items with full text/Total items : 28611/40649
Visitors : 644036      Online Users : 47
RC Version 4.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Adv. Search

Please use this identifier to cite or link to this item: http://ntour.ntou.edu.tw:8080/ir/handle/987654321/33431

Title: A Fuzzy Pattern-based Filtering Algorithm for Botnet Detection
Authors: Kuochen Wang;Chun-Ying Huang;Shang-Jyh Lin;Ying-Dar Lin
Contributors: 國立臺灣海洋大學:資訊工程學系
Keywords: Botnet;Fuzzy pattern recognition;Network security;Real trace analysis
Date: 2011-10-27
Issue Date: 2013-03-15T08:25:56Z
Publisher: Computer Networks
Abstract: Abstract:Botnet has become a popular technique for deploying Internet crimes. Although signature-based bot detection techniques are accurate, they could be useless when bot variants are encountered. Therefore, behavior-based detection techniques become attractive due to their ability to detect bot variants and even unknown bots. In this paper, we propose a behavior-based botnet detection system based on fuzzy pattern recognition techniques. We intend to identify bot-relevant domain names and IP addresses by inspecting network traces. If domain names and IP addresses used by botnets can be identified, the information can be further used to prevent protected hosts from becoming one member of a botnet. To work with fuzzy pattern recognition techniques, we design several membership functions based on frequently observed bots’ behavior including: (1) generate failed DNS queries; (2) have similar DNS query intervals; (3) generate failed network connections; and (4) have similar payload sizes for network connections. Membership functions can be easily altered, removed, or added to enhance the capability of the proposed system. In addition, to improve the overall system performance, we develop a traffic reduction algorithm to reduce the amount of network traffic required to be inspected by the proposed system. Performance evaluation results based on real traces show that the proposed system can reduce more than 70% input raw packet traces and achieve a high detection rate (about 95%) and a low false positive rates (0–3.08%). Furthermore, the proposed FPRF algorithm is resource-efficient and can identify inactive botnets to indicate potential vulnerable hosts.
Relation: 55(15), pp.3275–3286
URI: http://ntour.ntou.edu.tw/handle/987654321/33431
Appears in Collections:[資訊工程學系] 期刊論文

Files in This Item:

There are no files associated with this item.

All items in NTOUR are protected by copyright, with all rights reserved.


著作權政策宣告: 本網站之內容為國立臺灣海洋大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,請合理使用本網站之內容,以尊重著作權人之權益。
網站維護: 海大圖資處 圖書系統組
DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback