Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems

@article{Bossert2011ModellingTS,
  title={Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems},
  author={Georges Bossert and Guillaume Hiet and Thibaut H{\'e}nin},
  journal={2011 Conference on Network and Information Systems Security},
  year={2011},
  pages={1-8}
}
The purpose of this paper is the modelling and simulation of zombie machines for the evaluation of Network Intrusion Detection Systems (NIDS) used to detect botnets. We propose an automatic method to infer zombies' behaviours through the analysis of messages exchanged with their masters. Once computed, a model provides a way to generate realistic and manageable traffic, which is mandatory for an NIDS evaluation. We propose to use a Stochastic Mealy Machine to model zombies' behaviours, and an…
This paper has 23 citations.

References

Publications referenced by this paper.
Showing 1-10 of 22 references

Introduction to Probabilistic Automata

  • A. Paz
  • 1971
