Please use this identifier to cite or link to this item:
|Title: ||Effective Bot Host Detection Based on Network Failure Models|
|Authors: ||Chun-Ying Huang|
|Keywords: ||Botnet;Network failure model;Network management;Network security|
|Issue Date: ||2013-03-15T08:28:09Z
|Publisher: ||Computer Networks|
|Abstract: ||Abstract:Botnet is one of the most notorious threats to Internet users. Attackers intrude into a large group of computers, install remote-controllable software, and then ask the compromised computers to launch large-scale Internet attacks, including sending spam and DDoS attacks. From the perspective of network administrators, it is important to identify bots in local networks. Bots residing in a local network could increase the difficulty to manage the network. Compared with bots outside of a local network, inside bots can easily bypass access controls applied to outsiders and access resources restricted to local users.
In this paper, we propose an effective solution to detect bot hosts within a monitored local network. Based on our observations, a bot often has a differentiable failure pattern because of the botnet-distributed design and implementation. Hence, by monitoring failures generated by a single host for a short period, it is possible to determine whether the host is a bot or not by using a well-trained model. The proposed solution does not rely on aggregated network information, and therefore, works independent of network size. Our experiments show that the failure patterns among normal traffic, peer-to-peer traffic, and botnet traffic can be classified accurately. In addition to the ability to detect bot variants, the classification model can be retrained systematically to improve the detection ability for new bots. The evaluation results show that the proposed solution can detect bot hosts with more than 99% accuracy, whereas the false positive rate is lower than 0.5%.
|Appears in Collections:||[資訊工程學系] 期刊論文|
Files in This Item:
There are no files associated with this item.
All items in NTOUR are protected by copyright, with all rights reserved.