Exploiting Temporal Persistence to Detect Covert Botnet Channels

@inproceedings{Giroire2009ExploitingTP,
  title={Exploiting Temporal Persistence to Detect Covert Botnet Channels},
  author={Fr{\'e}d{\'e}ric Giroire and Jaideep Chandrashekar and Nina Taft and Eve M. Schooler and Konstantina Papagiannaki},
  booktitle={RAID},
  year={2009}
}
We describe a method to detect botnet command and control traffic and individual end-hosts. We introduce the notion of "destination traffic atoms" which aggregate the destinations and services that are communicated with. We then compute the "persistence", which is a measure of temporal regularity and that we propose in this paper, for individual destination atoms. Very persistent destination atoms are added to a host's whitelist during a training period. Subsequently, we track the persistence…
This paper has 76 citations.

Semantic Scholar estimates that this publication has 77 citations based on the available data.