• Corpus ID: 9697285

Towards Efficient and Privacy-Preserving Network-Based Botnet Detection Using Netflow Data

  title={Towards Efficient and Privacy-Preserving Network-Based Botnet Detection Using Netflow Data},
  author={Sebastian Abt and Harald Baier},
  booktitle={International Network Conference},
Botnets pose a severe threat to the security of Internet-connected hosts and to the availability of the Internet's infrastructure. In recent years, botnets have attracted many researchers. As a result, much has been learned about the anatomy of different botnets, and approaches to botnet detection have been developed. However, most of these approaches target botnet detection using raw packet data. While this data provides the most complete view of botnet-induced traffic, it usually… 
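As an added illustration of the flow-based setting the abstract contrasts with raw packet capture (this is not code from the paper, whose method the truncated abstract does not describe): the block below decodes NetFlow v5 export records, aggregates them into the kind of compact per-host features a flow-based detector has to work with when no payload is available, and pseudonymises addresses with a keyed hash so the features can be shared without exposing real hosts. The NetFlow v5 record layout is the standard one; the beaconing heuristic, its thresholds, the key and the sample flows are constructed assumptions.

```python
"""NetFlow v5 decoding, per-host feature aggregation and keyed IP pseudonymisation.

Added example, not the paper's code. NetFlow v5 layout is the standard Cisco one;
the beacon heuristic, thresholds, key and sample records are constructed assumptions.
"""
import hashlib
import hmac
import statistics
import struct
from collections import defaultdict
from ipaddress import IPv4Address

HEADER_FMT = "!HHIIIIBBH"                # 24 bytes: version, count, sysuptime, ...
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # 48 bytes per flow record
HEADER_LEN = struct.calcsize(HEADER_FMT)
RECORD_LEN = struct.calcsize(RECORD_FMT)


def parse_netflow_v5(datagram: bytes) -> list[dict]:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    version, count, *_ = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (src, dst, _nexthop, _inp, _out, pkts, octets, first, last,
         sport, dport, _pad, _flags, proto, _tos, *_rest) = struct.unpack(
            RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                      "sport": sport, "dport": dport, "proto": proto, "pkts": pkts,
                      "octets": octets, "first_ms": first, "last_ms": last})
    return flows


def host_features(flows: list[dict]) -> dict[str, dict]:
    """Aggregate flows per source host: counts, fan-out, volume and the
    coefficient of variation of inter-flow gaps (low CV = regular timing)."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    feats = {}
    for src, fl in by_src.items():
        starts = sorted(f["first_ms"] for f in fl)
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        cv = None
        if len(gaps) >= 2 and statistics.mean(gaps) > 0:
            cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        feats[src] = {"flows": len(fl),
                      "dst_hosts": len({f["dst"] for f in fl}),
                      "dst_ports": len({f["dport"] for f in fl}),
                      "octets": sum(f["octets"] for f in fl),
                      "gap_cv": cv}
    return feats


def beacon_suspects(feats: dict, min_flows=5, max_gap_cv=0.1, max_dst_hosts=2) -> list[str]:
    """Constructed heuristic: many regularly spaced flows to very few destinations."""
    return sorted(src for src, f in feats.items()
                  if f["flows"] >= min_flows and f["dst_hosts"] <= max_dst_hosts
                  and f["gap_cv"] is not None and f["gap_cv"] <= max_gap_cv)


def pseudonymise(ip: str, key: bytes) -> str:
    """Keyed, one-way replacement for an address. The same key maps the same IP
    to the same token, so per-host aggregation still works on shared data, while
    anyone without the key cannot recover or brute-force the real address."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def build_sample_datagram() -> bytes:
    """Constructed sample export: 10.0.0.5 contacts 198.51.100.7:6667 every 60 s with
    near-identical sizes; 10.0.0.9 talks to several hosts at irregular times."""
    recs = []

    def rec(src, dst, dport, octets, first_ms):
        recs.append(struct.pack(RECORD_FMT, IPv4Address(src).packed, IPv4Address(dst).packed,
                                b"\0" * 4, 1, 2, 4, octets, first_ms, first_ms + 200,
                                40000 + len(recs), dport, 0, 0x18, 6, 0, 0, 0, 24, 24, 0))

    for i in range(6):
        rec("10.0.0.5", "198.51.100.7", 6667, 120 + (i % 2), 10_000 + i * 60_000)
    rec("10.0.0.9", "203.0.113.10", 443, 5400, 12_000)
    rec("10.0.0.9", "203.0.113.22", 80, 800, 47_000)
    rec("10.0.0.9", "203.0.113.35", 443, 30000, 53_000)
    rec("10.0.0.9", "203.0.113.10", 443, 2100, 150_000)
    header = struct.pack(HEADER_FMT, 5, len(recs), 500_000, 1_700_000_000, 0, 0, 0, 0, 0)
    return header + b"".join(recs)


if __name__ == "__main__":
    feats = host_features(parse_netflow_v5(build_sample_datagram()))
    key = b"site-secret-key"  # assumption: secret held by the network operator
    for src in beacon_suspects(feats):
        print(pseudonymise(src, key), feats[src])
```

The point of the split into parse, aggregate and pseudonymise is that only the aggregation stage needs to see real addresses; what leaves the operator's network is a handful of numbers per token, which is both far smaller than a packet capture and far less revealing of who talked to whom. A keyed hash rather than a plain hash matters here: IPv4 space is small enough that an unkeyed SHA-256 of each address is trivially inverted by enumeration.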


COFFEE: a Concept based on OpenFlow to Filter and Erase Events of botnet activity at high-speed nodes

COFFEE, the concept of a botnet detection and mitigation framework at large-scale networks, is introduced and the overall goal of COFFEE is to keep operational costs to a minimum.

Cost-Sensitive Distributed Machine Learning for NetFlow-Based Botnet Activity Detection

This paper proposed to use and implemented cost-sensitive distributed machine learning by means of distributed Extreme Learning Machines, distributed Random Forest, and Distributed Random Boosted-Trees to detect botnets and reported results show that the proposed system can be considered as a useful tool for the improvement of cybersecurity.

Privacy-Preserving Detection of IoT Devices Connected Behind a NAT in a Smart Home Setup

A machine learning based method that can detect devices of specific vulnerable IoT models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telco's infrastructure and availability of services and is shared to promote future research in this domain.

Anomaly Detection and Mitigation at Internet Scale: A Survey

A survey aims at gaining insight in industry processes, structures and capabilities of IT companies and the computer networks they run, and finds that flow-based detection mechanisms are valuable, because those mechanisms could easily adapt to existing infrastructures.

CHID: Conditional Hybrid Intrusion Detection System for Reducing False Positives and Resource Consumption on Malicious Datasets

This study proposes a Conditional Hybrid Intrusion Detection (CHID) system that combines flow-based with packet-based detection to lower the false positive rate of flow-based detection and to reduce resource consumption and packet drops while preserving detection accuracy.

Distributed DDoS Defense: A Collaborative Approach at Internet Scale

A trust model that determines the trust and knowledge level of a security event in order to deploy semi-automated remediations and to facilitate the dissemination of security event information using the exchange format FLEX in the context of ISP networks.

Emerging Management Mechanisms for the Future Internet

The ICN paradigm is introduced, with a special focus on the Content-centric Networking (CCN) solution, and requirements and challenges for managing and monitoring the CCN network will be presented.

A Plea for Utilising Synthetic Data when Performing Machine Learning Based Cyber-Security Experiments

This position paper makes a plea for utilising synthetic data when performing machine learning based cyber-security experiments, discusses major challenges the community faces today and shows how synthetic data can help solve them.

Sparse Autoencoders for Unsupervised Netflow Data Classification

An outline of an unsupervised machine learning approach to cybersecurity, in particular, a proposal to use sparse autoencoders to detect the malicious behaviour of hosts in the network through the analysis of data in the form of Netflows for a use case.

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic

This paper proposes an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses, and shows that BotSniffer can detect real-world botnets with high accuracy and has a very low false positive rate.

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection

This paper presents a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses).

A multifaceted approach to understanding the botnet phenomenon

This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.

Examining the criminology of bot zoo

  • J. Govil
  • 2007 6th International Conference on Information, Communications & Signal Processing, 2007
The results of efforts to understand botnets and to develop detection technologies are presented, and it is hoped that the information in this paper will help the research community develop unique solutions for botnet detection and control.

Wide-Scale Botnet Detection and Characterization

The approach presented here differs from previous attempts to detect botnets by employing scalable non-intrusive algorithms that analyze vast amounts of summary traffic data collected on selected network links.

Revealing Botnet Membership Using DNSBL Counter-Intelligence

It is found that bots are performing reconnaissance on behalf of other bots, and counterintelligence techniques that may be useful for early bot detection are suggested.

A Survey of Botnet and Botnet Detection

A survey of botnets and botnet detection techniques is presented, which clarifies the botnet phenomenon, classifies detection techniques, summarizes the techniques in each class and provides a brief comparison.

Using Machine Learning Techniques to Identify Botnet Traffic

This work uses machine learning-based classification techniques to identify the command and control (C2) traffic of IRC-based botnets, i.e. compromised hosts that are collectively commanded using Internet Relay Chat (IRC).

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks

This paper presents an approach to (distributed) DoS attack prevention that is based on the observation that coordinated automated activity by many hosts needs a mechanism to remotely control them and shows that this method can be realized in the Internet by describing how it infiltrated and tracked IRC-based botnets.

Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures

Fundamental concepts of botnets, including formation and exploitation, lifecycle, and two major kinds of topologies are discussed, followed by recent research work and possible future challenges.