Bayesian bot detection based on DNS traffic similarity

@inproceedings{VillamarnSalomn2009BayesianBD,
  title={Bayesian bot detection based on DNS traffic similarity},
  author={Ricardo Villamar{\'i}n-Salom{\'o}n and Jos{\'e} Carlos Brustoloni},
  booktitle={SAC},
  year={2009}
}
Bots often are detected by their communication with a command and control (C&C) infrastructure. To evade detection, botmasters are increasingly obfuscating C&C communications, e.g., by using fastflux or peer-to-peer protocols. However, commands tend to elicit similar actions in bots of a same botnet. We propose and evaluate a Bayesian approach for detecting bots based on the similarity of their DNS traffic to that of known bots. Experimental results and sensitivity analysis suggest that the…
This paper has 68 citations.

References

Gary Robinson. A statistical approach to the spam problem. Linux Journal, 2003.
