BotDigger: A Fuzzy Inference System for Botnet Detection


The Fifth International Conference on Internet Monitoring and Protection

BotDigger: A Fuzzy Inference System for Botnet Detection

Basheer Al-Duwairi, Network Engineering and Security Department, Jordan University of Science and Technology, P.O. Box 3030, Irbid 22110, Jordan, basheer@just.edu.jo
Lina Al-Ebbini, Computer Engineering Department, Jordan University of Science and Technology, P.O. Box 3030, Irbid 22110, Jordan, leen.bme@gmail.com

Abstract

This paper proposes BotDigger, a fuzzy logic-based botnet detection system. In this system, we derive a set of logical rules based on well-known botnet characteristics. Using these rules, an adaptive logic algorithm is applied to network traffic traces, searching for botnet footprints and associating a trust level with each host present in the sampled data. Future work will focus on evaluating the proposed approach using real traffic traces.

Keywords: network security; botnet detection; fuzzy logic

I. INTRODUCTION

A botnet is a large collection of compromised machines, referred to as zombies [1]. Attackers are increasingly using these large networks of compromised machines to generate different types of attacks, including spam, distributed denial of service (DDoS), click fraud, identity theft, etc. [2], [3], [4]. Botnets generally operate in two main planes: the command and control (C&C) plane, where bots receive commands from the botmaster, and the activity plane, where bots execute these commands to launch different types of attacks [5], [6]. The C&C in botnets can take several forms with different levels of sophistication and robustness. Based on the control plane topology, botnets are classified as centralized, peer-to-peer, or random. In centralized botnets [3], usually based on the Internet Relay Chat (IRC) protocol, the botmaster sets up a central server and instructs bots to connect to it and wait for commands.
The server waits for new bots to connect, registers them in its database, tracks their status and sends them commands selected by the botmaster. Hence, all bots join a specific channel on the IRC server and interpret all the messages they receive as commands. On the other side, peer-to-peer botnets are new yet rapidly growing Internet threats. There are no central servers that distribute commands in this type of botnet. To control the botnet, the botmaster needs only to join the network as another peer and send the command to other peers, which pass it along [7], [8]. Thus, if some nodes in a peer-to-peer network are taken offline, the gaps in the network are closed and the network continues to operate under the control of the botmaster. In a decentralized botnet, such as one that uses the Hyper Text Transfer Protocol (HTTP), bots do not maintain a connection with a C&C server [9]. Instead, the bots connect periodically to an HTTP server that is under the botmaster's control. Detecting botnet traffic is a very challenging problem, because [2], [6]: (1) botnets use existing application protocols, which makes their traffic indistinguishable from normal traffic; (2) the traffic volume is low and there may be very few bots in the targeted network; and (3) classifying traffic applications becomes more challenging due to traffic content encryption and the unreliability of labeling by destination port. In this paper, we propose a fuzzy-based botnet detection system. The proposed system, called BotDigger, utilizes fuzzy logic, in which we derive logical rules based on defined botnet characteristics. We believe that fuzzy logic is appropriate for the botnet detection problem, because many quantitative features can potentially be viewed as fuzzy variables, and security itself includes fuzziness. The rest of the paper is organized as follows.
Section II discusses related work; Section III explains the proposed approach; Section IV presents the discussion; and finally, Section V presents the conclusion and future work.

II. RELATED WORK

There have been many research efforts on botnet detection in recent years. Previous work on this topic can be classified into the following approaches:

1) Sinkhole-based detection: a sinkhole fakes the C&C to live bots; it mimics the botmaster while logging botnet membership information. Dagon et al. [10] use DNS sinkhole redirection to measure botnet properties and develop a diurnal model for botnet propagation. However, the sinkhole approach is limited to specific types of botnet, so it cannot support every type of botnet at any time. Of course, this approach also requires cooperation from the entities that control the botnet domains.

2) DNSBL-based detection: the authors in [11] presented several techniques for detecting DNS-based Blackhole List (DNSBL) reconnaissance activity, where botmasters perform lookups against the DNSBL to determine whether their spamming bots have been blacklisted. Although some bots perform a large number of reconnaissance queries, it appears that much of the reconnaissance activity is spread across many bots, each of which issues few queries, thus making detection more difficult.

3) Traffic-trace-based detection:

Detecting botnets with tight C&C: the authors in [12] proposed an architecture that first eliminates traffic that is unlikely to be part of a botnet, classifies the remaining traffic into a group that is likely to be part of a botnet using a Naive Bayesian classification scheme, and then correlates the likely traffic to find common communication patterns that would suggest the activity of a botnet. The major problem with this approach is that it is confined to malicious IRC-type botnet flows and does not consider other protocol types.

BotHunter: a passive bot detection system, BotHunter, is presented in [13]. It uses vertical correlation to associate IDS events with a user-defined bot infection dialog model. An evasive tactic against it lies in the attack time threshold.

BotSniffer: a network anomaly-based botnet detection system [6]. It explores the spatial-temporal correlation and similarity properties of botnet command and control activities.

BotMiner: recently, a novel network anomaly-based botnet detection system [14], called BotMiner, was proposed; it looks for hosts that exhibit similar C&C communication patterns and similar malicious activity patterns. This approach can be evaded by the injection of flow-level noise.

In this paper, we propose a new botnet detection approach. The proposed approach is similar to those presented in [12], [13] in the sense that it analyzes a huge amount of traffic traces searching for botnet footprints. The main difference is that we employ fuzzy logic for botnet detection. The main contribution of this paper is the development of a fuzzy inference system (FIS) for botnet detection. This FIS is based on certain botnet characteristics that are well known to the research community.
We believe that utilizing fuzzy logic in this context would improve detection accuracy and allow the detection of emerging botnets. Future work will focus on an adaptive neuro-fuzzy inference system for automatic botnet detection.

III. THE PROPOSED APPROACH

Before going into the details of BotDigger, the proposed fuzzy inference system (FIS), we introduce basic information about fuzzy logic. Fuzzy logic is a powerful technique for dealing with human reasoning and decision-making processes. By applying fuzzy logic, we can quantify the contribution of a fuzzy membership set. A fuzzy expert system is a collection of membership functions and rules that are used to reason about data [15]. In fact, fuzzy logic has been widely used in the design and enhancement of a vast number of applications, including linear and nonlinear control, pattern recognition, financial systems, operations research and data analysis [16]. The efficient use of fuzzy logic in different applications depends on the proper selection of the number, the type and the parameters of the fuzzy membership functions and rules. Fuzzy techniques incorporate information sources into a fuzzy rule base that represents the knowledge of the network structure, so that structure learning techniques can easily be accomplished. The operation of a fuzzy logic system depends on the nature of the problem and does not follow a fixed pattern. Therefore, each application imposes certain design requirements. In the case of BotDigger, the fuzzy logic module performs the following steps:

Step 1: Dividing the input and output spaces into fuzzy regions. Fig. 3 shows an example where the domain interval of input 1 is divided into three regions. The shape of each membership function is gbell (generalized bell). Of course, other divisions of the domain regions and other membership functions are possible.
Step 2: Generating fuzzy rules from the given input terms, based on which action(s) should be taken in which situation(s), and/or what information is available that gives the specific value of the input and the corresponding successful output.

Step 3: Assigning a degree to each rule, since it is highly probable that there will be some conflicting rules. Thus, the rule that has the maximum degree is accepted, and hence the number of rules is reduced.

Step 4: Determining a mapping based on the fuzzy rule base, where centroid defuzzification is used to define the smallest absolute value among all the points at which the membership function has a membership value equal to one.

Fig. 1 depicts the architecture of BotDigger. BotDigger takes reduced network traffic traces as input and, for each host present in the traces, it provides a score that represents the trust level of that host. The reduced network traffic traces can be obtained by following an approach similar to that used in [6], [9] and [12], where the traffic filtered out includes one-way traffic, traffic not originating from monitored hosts and traffic destined to legitimate servers. This means that the proposed approach first assumes filtering out unlikely flows, so that the most computationally intensive analysis is done on a reduced traffic set. The conserved flows are correlated with each other, looking for groups of flows that may be related by being part of the same botnet. The result is a group of flows that are most likely part of one or more botnets. In fact, the payloads of botnet packets might be encrypted, so they will not reflect the actual nature of botnet behavior. Therefore, in IRC-based botnets the considered parameters will be related to packet headers and to some statistical analysis based on published facts regarding the anomalous behavior. For example, the average packet size of IRC is less than that of HTTP packets. Moreover, in the case of IRC the variance in packet size is large.

Figure 1. Architecture overview of our BotDigger.

The proposed system generates a set of rules based on the following attributes, which characterize IRC- and HTTP-based botnets:

1) Most packets are really small and appear at regular intervals (Ping/Pong communication), whereas normal IRC traffic has more and larger packets [4], [17], [18].

2) Message exchange ratio [6]: the ratio between the incoming messages ($m_i$) and the outgoing messages ($m_o$). In normal traffic $m_i / m_o > 1$, while in botnet traffic $m_i / m_o \le 1$. In the botnet case, the number of incoming messages can be close to the number of outgoing messages because a client cannot receive the messages sent by other clients. The number of incoming messages can also be smaller than the number of outgoing messages, for example when there are several responses from a bot corresponding to one botmaster command, or when the botmaster is currently shutting down. In contrast, in the normal case there are usually multiple clients in the chatting channel, and a user usually receives more messages (from all other users) than he sends.

3) Homogeneity check (i.e. the activity response crowd) [6]: if two or more scans have a similar distribution of the target IP address, which can be represented by entropy, we can prove the presence of malicious traffic, since it is less likely that two or more hosts form a homogeneous activity response by chance. This attribute can be represented in fuzzy logic by first grouping hosts that have similar entropy in the same cluster. Then, if the cluster size is $\ge 2$ it is considered malicious; otherwise the case is normal.
4) Degree of Periodic Repeatability (DPR): this variable represents the degree of periodic repeatability (i.e. the variance), where we should observe that the user is a bot if the intervals between polling are regular. It has been found that if DPR < 0.02 then there is malicious traffic [9].

At first glance the problem seems hard to manage, because too many variables need to be adjusted and several questions need to be answered. However, the proper selection of the variable types, term classification and fuzzy membership functions depended mainly on statistical data and network knowledge. Then, the major challenge was to define consistent and comprehensive rules, which are crucial for achieving precise detection. First, the proposed fuzzy model contains four input variables (Port scanning, Message exchange ratio, Homogeneity check and Degree of periodic repeatability (DPR)) and one output variable representing the Trust level. The fuzzy inference system for the proposed fuzzy model is illustrated in Fig. 2. Each input variable is partitioned into a number of fuzzy subsets. The input and output variables are addressed and assigned proper membership functions as illustrated in Fig. 3. The gbell membership function was used due to its smoothness and popularity in specifying fuzzy sets. Once the input and output sets are defined and the membership functions are addressed, fuzzy IF-THEN rules that link the input and output membership functions are defined based on various published approaches on this topic [4], [6], [9], [17] and [18].

Figure 2. The proposed Fuzzy Inference System (FIS)

In the proposed FIS, the knowledge base consists of a collection of belief rules defined as follows (the two-column rule table is only partly legible in this transcription; the fragments are given as recovered):

Heterogeneous) THEN (Trust Level is High)
IF (Port Scanning is High) and (Message Exchange ratio is Low) and (Homogeneity check is
Level is Very Low)
IF (Port Scanning is High) and (Message Exchange
Heterogeneous) THEN (Trust Level is Medium)
ratio is Low) and (Homogeneity check is
Level is Low)
Level is Low)
IF (Port Scanning is Medium) and (Message Exchange ratio is Low) and (Homogeneity check is
Level is Very Low)
IF (Port Scanning is Medium) and (Message Exchange ratio is Low) and (Homogeneity check is Homogeneous) THEN (Trust Level is Medium)
IF (Port Scanning is High) and (Message Exchange
Heterogeneous) and (DPR is Small) THEN (Trust Level is Very Low)
Heterogeneous) and (DPR is Small) THEN (Trust Level is Medium)

It is to be noted that all rules follow the following pattern:

Rule $r$: IF $x_1$ is $a_1$ and $x_2$ is $a_2$ and $\ldots$ and $x_n$ is $a_n$ THEN $y$ is $b$

where $x_1, x_2, \ldots, x_n$ represent the antecedent attributes in the $r$th rule; $a_i$ ($i = 1, 2, \ldots, n$) is the value of the $i$th antecedent attribute; $y$ represents the output consequent, and its value is $b$.

The defined rules are intuitive, based on the best of our knowledge and enhanced by recent research studies [4], [6], [9], [17] and [18]. The rule outputs are combined using the Min-Max law, and a crisp output is computed using the Centroid Defuzzification method. However, the rules were identified manually, and thus may be approximate. Because this method is off-line in nature, it can become impractical and cannot detect real-time attacks. So, future work will focus on a dynamic rule generation method to train on traces and extract new rules for botnet detection.
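The four input attributes are described above in prose only. The following is an added example, not code from the paper, that extracts them from constructed traffic records: the message exchange ratio $m_i / m_o$, the entropy of each host's scan-target distribution with hosts of similar entropy grouped into one cluster (the homogeneity check), the DPR as the variance of polling intervals, and a port-scanning measure. The record layouts, the use of the number of distinct destination ports as the port-scanning measure, the 0.1-bit entropy tolerance for clustering, and the normalization of DPR by the mean polling interval (so that the 0.02 threshold is unit-free) are assumptions made here.

```python
from collections import Counter
from math import log2
from statistics import pvariance

# Constructed sample records (not from the paper). 10.0.0.5 and 10.0.0.6
# behave like bots; 10.0.0.9 behaves like a human IRC user who also browses.
MESSAGES = (                       # IRC messages seen at a host: (host, direction)
    [("10.0.0.5", "in")] * 4 + [("10.0.0.5", "out")] * 4      # m_i / m_o = 1
    + [("10.0.0.9", "in")] * 12 + [("10.0.0.9", "out")] * 3   # m_i / m_o = 4
)
SCANS = (                          # scan probes: (host, target_ip)
    [(h, f"192.0.2.{i}") for h in ("10.0.0.5", "10.0.0.6") for i in range(1, 5)]
    + [("10.0.0.9", "192.0.2.7")] * 3 + [("10.0.0.9", "192.0.2.8")]
)
FLOWS = (                          # outbound flows: (host, dst_port)
    [("10.0.0.5", p) for p in (21, 22, 23, 25, 80, 135, 139, 445)]
    + [("10.0.0.9", p) for p in (80, 443, 80, 80)]
)
POLLS = (                          # HTTP polls to one server: (host, t_seconds)
    [("10.0.0.5", t) for t in (0, 60, 120, 181, 241, 300)]    # ~60 s apart
    + [("10.0.0.9", t) for t in (0, 5, 305, 325, 1225, 1285)]  # irregular
)


def port_scanning(flows, host):
    """Distinct destination ports the host contacted (assumed measure)."""
    return len({p for h, p in flows if h == host})


def exchange_ratio(messages, host):
    """m_i / m_o for the host; the paper treats a ratio <= 1 as botnet-like."""
    m_i = sum(1 for h, d in messages if h == host and d == "in")
    m_o = sum(1 for h, d in messages if h == host and d == "out")
    return m_i / m_o if m_o else float("inf")


def target_entropy(scans, host):
    """Shannon entropy (bits) of the host's scan-target IP distribution."""
    counts = Counter(t for h, t in scans if h == host)
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())


def homogeneity_clusters(scans, tol=0.1):
    """Put hosts whose target entropies lie within `tol` bits of each other
    into one cluster (the tolerance is an assumption) and return
    {host: cluster_size}; a size >= 2 is the activity response crowd."""
    hosts = {h for h, _ in scans}
    ents = {h: target_entropy(scans, h) for h in hosts}
    clusters, current = [], []
    for h in sorted(hosts, key=ents.get):
        if current and ents[h] - ents[current[0]] > tol:
            clusters.append(current)
            current = []
        current.append(h)
    clusters.append(current)
    return {h: len(c) for c in clusters for h in c}


def dpr(polls, host):
    """Variance of the host's polling intervals, each divided by the mean
    interval (normalization is an assumption); below 0.02 means periodic."""
    times = sorted(t for h, t in polls if h == host)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return float("inf")
    mean = sum(gaps) / len(gaps)
    return pvariance([g / mean for g in gaps])


def extract_features(host):
    """The four crisp BotDigger inputs for one host."""
    return {
        "port_scanning": port_scanning(FLOWS, host),
        "exchange_ratio": exchange_ratio(MESSAGES, host),
        "homogeneity_cluster_size": homogeneity_clusters(SCANS).get(host, 1),
        "dpr": dpr(POLLS, host),
    }


if __name__ == "__main__":
    for host in ("10.0.0.5", "10.0.0.6", "10.0.0.9"):
        print(host, extract_features(host))
```

Hosts 10.0.0.5 and 10.0.0.6 probe the same four targets, so both have an entropy of 2 bits and fall into one cluster of size 2, the crowd the homogeneity check flags; 10.0.0.5 also polls its server every 60 s or so, giving a DPR far below 0.02. Host 10.0.0.9 receives four times as many IRC messages as it sends and polls irregularly, so all four of its features fall on the benign side.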

The defined rules can also be clearly observed in the three-dimensional surface view illustrated in Fig. 4. Clearly, the results represent a translation of the rules into a numerical distribution; in Fig. 4 (a) the highest trust level appears where no port scan exists and where the message exchange ratio > 1, while malicious traffic is detected at the combination of a high level of port scanning and a message exchange ratio < 1. Thus, the values between those extremes will have a significant effect in minimizing the false positive rate (FPR) and false negative rate (FNR) as much as possible. However, according to our rules, the representation of the variables shows that both port scanning and the message exchange ratio are dominant in affecting the trust level. Regarding HTTP traffic, we have considered the DPR, which represents the variance of the traffic. As shown in Fig. 4 (b), there is a narrow range that depicts the relation between port scanning and DPR, where a DPR less than 0.02 lets us detect malicious HTTP traffic. Obviously, there is a lack of parameters that describe HTTP traffic behavior. However, a few research papers have examined HTTP traffic features that can be considered in our work [9], [18]. Thus, it will be our task to explore other features that might be useful to our approach.

Figure 3. (a-d) Membership functions for the input variables, and (e) Membership function for the output variable.

Figure 4. Graphical representation of some of the input-output variables. (a) Port scan and message exchange ratio vs. Trust level. (b) Port scan and DPR vs. Trust level.

IV. DISCUSSION

Our preliminary results demonstrate that fuzzy data mining techniques provide an effective means to learn and alert based on patterns extracted from large amounts of data. From a numerical perspective, it is found that the very low linguistic term in the trust level output represents 12.5%, while the high linguistic term represents 81.2%. Accordingly, we need to generate further rules to achieve reasonable and more accurate trust levels. At this point, it is worth mentioning that it would be much better to include other variables, such as time and geographical zones [19], to achieve a comprehensive, consistent and general model that has the potential to sustain a wide range of botnets.
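The inference mechanics the paper specifies in Section III (gbell membership functions, rules in the pattern "IF $x_1$ is $a_1$ and ... THEN $y$ is $b$", Min-Max composition and centroid defuzzification) and the behaviour of the Fig. 4 (a) surface, as an added example in plain Python that is not the paper's code. Because only part of the rule table is legible, the six rules, the universes of discourse, the membership parameters and the fuzzification of the homogeneity check as a cluster size are assumptions chosen here to match what the text does state: medium port scanning with a low exchange ratio and a homogeneous crowd gives a Medium trust level, no port scan with a ratio above 1 gives the highest trust, and a DPR below 0.02 marks periodic HTTP polling.

```python
def gbell(x, a, b, c):
    """Generalized bell membership: 1 / (1 + |(x - c) / a| ** (2 b))."""
    return 1.0 / (1.0 + abs((x - c) / a) ** (2 * b))


# Input variables: universe of discourse (lo, hi) and term -> (a, b, c).
# All universes and parameters are assumptions, not the paper's values.
INPUTS = {
    "port_scanning": ((0, 10), {"Low": (2, 3, 0), "Medium": (2, 3, 5),
                                "High": (2, 3, 10)}),
    "exchange_ratio": ((0, 3), {"Low": (0.5, 3, 0.5), "High": (1.5, 3, 2.5)}),
    "homogeneity": ((1, 5), {"Heterogeneous": (0.5, 3, 1),   # cluster size
                             "Homogeneous": (1.5, 3, 3)}),
    "dpr": ((0, 0.1), {"Small": (0.02, 3, 0.0), "Large": (0.04, 3, 0.08)}),
}
# Output variable: trust level on [0, 1].
TRUST = {"Very Low": (0.17, 3, 0.0), "Low": (0.17, 3, 0.33),
         "Medium": (0.17, 3, 0.67), "High": (0.17, 3, 1.0)}

# Rule r: IF x1 is a1 and ... and xn is an THEN y is b -> (antecedents, b).
# Assumed rule base, consistent with the legible rules of the paper.
RULES = [
    ({"port_scanning": "High", "exchange_ratio": "Low",
      "homogeneity": "Homogeneous"}, "Very Low"),
    ({"port_scanning": "Medium", "exchange_ratio": "Low",
      "homogeneity": "Homogeneous"}, "Medium"),
    ({"port_scanning": "High", "exchange_ratio": "High",
      "homogeneity": "Heterogeneous"}, "Medium"),
    ({"port_scanning": "Low", "exchange_ratio": "High"}, "High"),
    ({"port_scanning": "High", "dpr": "Small"}, "Very Low"),
    ({"port_scanning": "Low", "dpr": "Large"}, "High"),
]


def fuzzify(name, value):
    """Clamp a crisp value to its universe and return term -> membership."""
    (lo, hi), terms = INPUTS[name]
    x = min(max(value, lo), hi)
    return {term: gbell(x, *params) for term, params in terms.items()}


def rule_activations(sample):
    """Firing strength of every rule: the min (AND) over its antecedents.
    Returns [(strength, consequent_term), ...] in rule order."""
    memberships = {name: fuzzify(name, sample[name]) for name in INPUTS}
    return [(min(memberships[v][t] for v, t in ante.items()), cons)
            for ante, cons in RULES]


def trust_level(sample, steps=1000):
    """Mamdani min-max inference: clip each consequent at its rule's
    strength, aggregate with max, and defuzzify by centroid over [0, 1]."""
    strengths = rule_activations(sample)
    num = den = 0.0
    for i in range(steps + 1):
        y = i / steps
        mu = max(min(w, gbell(y, *TRUST[cons])) for w, cons in strengths)
        num += y * mu
        den += mu
    return num / den


if __name__ == "__main__":
    bot = {"port_scanning": 9, "exchange_ratio": 0.8, "homogeneity": 3, "dpr": 0.01}
    user = {"port_scanning": 0, "exchange_ratio": 4.0, "homogeneity": 1, "dpr": 0.3}
    for label, s in (("bot-like", bot), ("user-like", user)):
        print(f"{label}: trust = {trust_level(s):.2f}")
        for (w, cons), (ante, _) in zip(rule_activations(s), RULES):
            print(f"  {w:.3f} -> {cons:9s} {ante}")
```

Sweeping `port_scanning` and `exchange_ratio` over their universes with the other two inputs fixed and plotting `trust_level` reproduces a surface of the kind shown in Fig. 4 (a): trust is highest at no port scan and a ratio above 1, lowest at heavy scanning and a ratio below 1, and `rule_activations` shows which rules drove each point, which is the evidence an analyst wants beside the score.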

V. CONCLUSIONS AND FUTURE WORK

An intelligent system for botnet detection, called BotDigger, has been introduced. The proposed system utilizes fuzzy logic in order to define logical rules that are mainly based on statistical facts and important features that identify botnet activities. The key advantage of the architecture designed in this research is that it allows the integration of a wide range of traffic specifications. Most importantly, it is a more reliable and flexible approach compared to previous work, since our system can be extended to handle further new input parameters and then to generate more logical rules in order to support the detection of newly born attacks in the future. From the completeness point of view, further investigation is needed in order to add additional input variables, and thus more logical rules, to our model. Moreover, the proposed model should be examined, evaluated and extended to represent an adaptive neuro-fuzzy inference system, where new rules could be generated by learning.

REFERENCES

[1] Zombie computer, available at [link missing in transcription], accessed on 14 Feb.
[2] W. Lu and A. Ghorbani. "Botnets Detection Based on IRC Community". IEEE Communications Society.
[3] C. Mazzariello. "IRC traffic analysis for botnet detection". IEEE Computer Society.
[4] A. Karasaridis, B. Rexroad, and D. Hoeflin. "Wide-scale Botnet Detection and Characterization". In First Workshop on Hot Topics in Understanding Botnets.
[5] M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis. "A Multifaceted Approach to Understanding the Botnet Phenomenon". In Proceedings of IMC, pp. 41-52.
[6] G. Gu, J. Zhang, and W. Lee. "BotSniffer: Detecting botnet command and control channels in network traffic". In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 08).
[7] E. Ruitenbeek and W. Sanders. "Modeling Peer-to-Peer Botnets". IEEE Computer Society.
[8] B. Wang, Z. Li, H. Tu, and J. Ma. "Measuring Peer-to-Peer Botnets Using Control Flow Stability". International Conference on Availability, Reliability and Security, IEEE Computer Society.
[9] J. Lee, H. Jeong, J. Park, M. Kim, and B. Noh. "The Activity Analysis of Malicious HTTP-based Botnets using Degree of Periodic Repeatability". International Conference on Security Technology.
[10] D. Dagon, C. Zou, and W. Lee. "Modeling botnet propagation using time zones". In Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS 06).
[11] A. Ramachandran, N. Feamster, and D. Dagon. "Revealing Botnet Membership Using DNSBL Counter-Intelligence".
[12] W. Strayer, R. Walsh, C. Livadas, and D. Lapsley. "Detecting Botnets with Tight Command and Control". IEEE Conference on Local Computer Networks (LCN 06).
[13] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. "BotHunter: Detecting malware infection through IDS-driven dialog correlation". In Proceedings of the 16th USENIX Security Symposium (Security 07).
[14] G. Gu, R. Perdisci, J. Zhang, and W. Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection". In USENIX Security Symposium, July.
[15] L. A. Zadeh. "Fuzzy sets". Information and Control 8.
[16] J. Mohammad, T. Andre, Z. Lotfi, and B. Serge. Applications of Fuzzy Logic: Towards High Machine Intelligence Quotient Systems. Upper Saddle River, NJ: Prentice-Hall.
[17] C. Livadas, R. Walsh, D. Lapsley, and W. Strayer. "Using Machine Learning Techniques to Identify Botnet Traffic". 2nd IEEE LCN Workshop on Network Security.
[18] H. Weststrate. "Botnet detection using netflow information". 10th Twente Student Conference on IT, 23rd January.
[19] D. Dagon, C. Zou, and W. Lee. "Modeling Botnet Propagation Using Time Zones".


More information

BotGAD: Detecting Botnets by Capturing Group Activities in Network Traffic

BotGAD: Detecting Botnets by Capturing Group Activities in Network Traffic BotGAD: Detecting Botnets by Capturing Group Activities in Network Traffic Hyunsang Choi, Heejo Lee, and Hyogon Kim Div. of Computer & Communication Engineering Korea University Seoul, South KOREA {realchs,

More information

Fuzzy Intrusion Detection

Fuzzy Intrusion Detection Fuzzy Intrusion Detection John E. Dickerson, Jukka Juslin, Ourania Koukousoula, Julie A. Dickerson Electrical and Computer Engineering Department Iowa State University Ames, IA, USA {jedicker,juslin,koukouso,julied}@iastate.edu

More information

Journal of Chemical and Pharmaceutical Research, 2014, 6(7): Research Article

Journal of Chemical and Pharmaceutical Research, 2014, 6(7): Research Article Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):1055-1063 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 The novel approach of P2P Botnet Node-based detection

More information

Benchmarking the Effect of Flow Exporters and Protocol Filters on Botnet Traffic Classification

Benchmarking the Effect of Flow Exporters and Protocol Filters on Botnet Traffic Classification Benchmarking the Effect of Flow Exporters and Protocol Filters on Botnet Traffic Classification Fariba Haddadi and A. Nur Zincir-Heywood Faculty of Computer Science Dalhousie University Halifax, NS, Canada

More information

ABSTRACT. threats in a network. Because, it becomes a route to launch several attacks such as Denial

ABSTRACT. threats in a network. Because, it becomes a route to launch several attacks such as Denial ABSTRACT Identifying and fixing the affected machines is the key step to resolve any security threats in a network. Because, it becomes a route to launch several attacks such as Denial of service attacks,

More information

Automatic Discovery of Botnet Communities on Large-Scale Communication Networks

Automatic Discovery of Botnet Communities on Large-Scale Communication Networks Automatic Discovery of Botnet Communities on Large-Scale Communication Networks Wei Lu, Mahbod Tavallaee and Ali A. Ghorbani University of New Brunswick Fredericton, NB E3B 5A3, Canada {wlu,m.tavallaee,ghorbani}@unb.ca

More information

Fast and Evasive Attacks: Highlighting the Challenges Ahead

Fast and Evasive Attacks: Highlighting the Challenges Ahead Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling

More information

A Firewall Architecture to Enhance Performance of Enterprise Network

A Firewall Architecture to Enhance Performance of Enterprise Network A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle

More information

Mapping Internet Sensors with Probe Response Attacks

Mapping Internet Sensors with Probe Response Attacks Mapping Internet Sensors with Probe Response Attacks Computer Sciences Department University of Wisconsin, Madison Introduction Outline Background Example Attack Introduction to the Attack Basic Probe

More information

DDOS Attack Prevention Technique in Cloud

DDOS Attack Prevention Technique in Cloud DDOS Attack Prevention Technique in Cloud Priyanka Dembla, Chander Diwaker CSE Department, U.I.E.T Kurukshetra University Kurukshetra, Haryana, India Email: priyankadembla05@gmail.com Abstract Cloud computing

More information

The evolution of malevolence

The evolution of malevolence Detection of spam hosts and spam bots using network traffic modeling Anestis Karasaridis Willa K. Ehrlich, Danielle Liu, David Hoeflin 4/27/2010. All rights reserved. AT&T and the AT&T logo are trademarks

More information

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection Fighting Spam, Phishing and Malware With Recurrent Pattern Detection White Paper September 2017 www.cyren.com 1 White Paper September 2017 Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

Botnet Communication Topologies

Botnet Communication Topologies Understanding the intricacies of botnet Command-and-Control By Gunter Ollmann, VP of Research, Damballa, Inc. Introduction A clear distinction between a bot agent and a common piece of malware lies within

More information

Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users

Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users ANT 2011 Dusan Stevanovic York University, Toronto, Canada September 19 th, 2011 Outline Denial-of-Service and

More information

Blackhole Attack Detection in Wireless Sensor Networks Using Support Vector Machine

Blackhole Attack Detection in Wireless Sensor Networks Using Support Vector Machine International Journal of Wireless Communications, Networking and Mobile Computing 2016; 3(5): 48-52 http://www.aascit.org/journal/wcnmc ISSN: 2381-1137 (Print); ISSN: 2381-1145 (Online) Blackhole Attack

More information

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, Sven Krasser Motivation Spam: More than Just a

More information

Towards a Theoretical Framework for Trustworthy Cyber Sensing

Towards a Theoretical Framework for Trustworthy Cyber Sensing Towards a Theoretical Framework for Trustworthy Cyber Sensing Shouhuai Xu Department of Computer Science University of Texas at San Antonio shxu@cs.utsa.edu ABSTRACT Cyberspace is an indispensable part

More information

Deployment of Proposed Botnet Monitoring Platform using Online Malware Analysis for Distributed Environment

Deployment of Proposed Botnet Monitoring Platform using Online Malware Analysis for Distributed Environment Indian Journal of Science and Technology, Vol 7(8), 1087 1093, August 2014 ISSN (Print) : 0974-6846 ISSN (Online) : 0974-5645 Deployment of Proposed Botnet Monitoring Platform using Online Malware Analysis

More information

Detection of Network Intrusion and Countermeasure Selection in Cloud Systems

Detection of Network Intrusion and Countermeasure Selection in Cloud Systems IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. X (Mar-Apr. 2014), PP 84-88 Detection of Network Intrusion and Countermeasure Selection in

More information

Botnets Behavioral Patterns in the Network

Botnets Behavioral Patterns in the Network Botnets Behavioral Patterns in the Network Garcia Sebastian @eldracote Hack.Lu 2014 CTU University, Czech Republic. UNICEN University, Argentina. October 23, 2014 How are we detecting malware and botnets?

More information

Towards Fingerprinting Malicious Traffic

Towards Fingerprinting Malicious Traffic Available online at www.sciencedirect.com Procedia Computer Science 19 (2013 ) 548 555 The 4th International Conference on Ambient Systems, Networks and Technologies (ANT 2013) Towards Fingerprinting Malicious

More information

P2P Botnet Detection Based on Traffic Behavior Analysis and Classification

P2P Botnet Detection Based on Traffic Behavior Analysis and Classification Int. J. of Comp. & Info. Tech., (2018) 6(1): 01-12 ISBN: 2345-3877 www.ijocit.org Volume 6, Issue 1 Original Research_ P2P Botnet Detection Based on Traffic Behavior Analysis and Classification Hojjat

More information

Network Traffic Anomaly Detection based on Ratio and Volume Analysis

Network Traffic Anomaly Detection based on Ratio and Volume Analysis 190 Network Traffic Anomaly Detection based on Ratio and Volume Analysis Hyun Joo Kim, Jung C. Na, Jong S. Jang Active Security Technology Research Team Network Security Department Information Security

More information

Flow-based Anomaly Intrusion Detection System Using Neural Network

Flow-based Anomaly Intrusion Detection System Using Neural Network Flow-based Anomaly Intrusion Detection System Using Neural Network tational power to analyze only the basic characteristics of network flow, so as to Intrusion Detection systems (KBIDES) classify the data

More information

Texture Image Segmentation using FCM

Texture Image Segmentation using FCM Proceedings of 2012 4th International Conference on Machine Learning and Computing IPCSIT vol. 25 (2012) (2012) IACSIT Press, Singapore Texture Image Segmentation using FCM Kanchan S. Deshmukh + M.G.M

More information

Intrusion Detection and Prevention in Internet of Things

Intrusion Detection and Prevention in Internet of Things IJSRD National Conference on Advances in Computer Science Engineering & Technology May 2017 ISSN: 2321-0613 Intrusion Detection and Prevention in Internet of Things Mr. Maulik Bhensdadia 1 Mr. Aditya Kumar

More information

FUZZY INFERENCE SYSTEMS

FUZZY INFERENCE SYSTEMS CHAPTER-IV FUZZY INFERENCE SYSTEMS Fuzzy inference is the process of formulating the mapping from a given input to an output using fuzzy logic. The mapping then provides a basis from which decisions can

More information

Quadratic Route Factor Estimation Technique for Routing Attack Detection in Wireless Adhoc Networks

Quadratic Route Factor Estimation Technique for Routing Attack Detection in Wireless Adhoc Networks European Journal of Applied Sciences 8 (1): 41-46, 2016 ISSN 2079-2077 IDOSI Publications, 2016 DOI: 10.5829/idosi.ejas.2016.8.1.22852 Quadratic Route Factor Estimation Technique for Routing Attack Detection

More information

Detecting Spam Zombies by Monitoring Outgoing Messages

Detecting Spam Zombies by Monitoring Outgoing Messages Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan, Peng Chen, Fernando Sanchez Florida State University {duan, pchen, sanchez}@cs.fsu.edu Yingfei Dong University of Hawaii yingfei@hawaii.edu

More information

HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK

HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two

More information

FUZZY LOGIC TECHNIQUES. on random processes. In such situations, fuzzy logic exhibits immense potential for

FUZZY LOGIC TECHNIQUES. on random processes. In such situations, fuzzy logic exhibits immense potential for FUZZY LOGIC TECHNIQUES 4.1: BASIC CONCEPT Problems in the real world are quite often very complex due to the element of uncertainty. Although probability theory has been an age old and effective tool to

More information

Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks

Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks Journal of Computer Science Original Research Paper Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks 1 Ayyamuthukumar, D. and 2 S. Karthik 1 Department of CSE,

More information

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data An Efficient Privacy-Preserving Ranked Keyword Search Method Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy preserving. Therefore it is essential to develop

More information

Check Point DDoS Protector Simple and Easy Mitigation

Check Point DDoS Protector Simple and Easy Mitigation Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an

More information

Collaborative Pattern-Based Filtering Algorithm for Botnet Detection

Collaborative Pattern-Based Filtering Algorithm for Botnet Detection World Engineering & Applied Sciences Journal 7 (3): 155-162, 2016 ISSN 2079-2204 IDOSI Publications, 2016 DOI: 10.5829/idosi.weasj.2016.7.3.22668 Collaborative Pattern-Based Filtering Algorithm for Botnet

More information

Fool Me If You Can: Mimicking Attacks and Anti-Attacks in Cyberspace

Fool Me If You Can: Mimicking Attacks and Anti-Attacks in Cyberspace IEEE TRANSACTIONS ON COMPUTERS, VOL. 64, NO. 1, JANUARY 2015 139 Fool Me If You Can: Mimicking Attacks and Anti-Attacks in Cyberspace Shui Yu, Senior Member, IEEE, Song Guo, Senior Member, IEEE, and Ivan

More information

Statistical based Approach for Packet Classification

Statistical based Approach for Packet Classification Statistical based Approach for Packet Classification Dr. Mrudul Dixit 1, Ankita Sanjay Moholkar 2, Sagarika Satish Limaye 2, Devashree Chandrashekhar Limaye 2 Cummins College of engineering for women,

More information

CHAPTER 5 FUZZY LOGIC CONTROL

CHAPTER 5 FUZZY LOGIC CONTROL 64 CHAPTER 5 FUZZY LOGIC CONTROL 5.1 Introduction Fuzzy logic is a soft computing tool for embedding structured human knowledge into workable algorithms. The idea of fuzzy logic was introduced by Dr. Lofti

More information

Graph-based Detection of Anomalous Network Traffic

Graph-based Detection of Anomalous Network Traffic Graph-based Detection of Anomalous Network Traffic Do Quoc Le Supervisor: Prof. James Won-Ki Hong Distributed Processing & Network Management Lab Division of IT Convergence Engineering POSTECH, Korea lequocdo@postech.ac.kr

More information

Quadratic Route Factor Estimation Technique for Routing Attack Detection in Wireless Adhoc Networks

Quadratic Route Factor Estimation Technique for Routing Attack Detection in Wireless Adhoc Networks European Journal of Applied Sciences 8 (1): 55-61, 2016 ISSN 2079-2077 IDOSI Publications, 2016 DOI: 10.5829/idosi.ejas.2016.8.1.22863 Quadratic Route Factor Estimation Technique for Routing Attack Detection

More information

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV) Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

Revealing Botnet Membership Using DNSBL Counter-Intelligence

Revealing Botnet Membership Using DNSBL Counter-Intelligence Revealing Botnet Membership Using DNSBL Counter-Intelligence David Dagon dagon@cc.gatech.edu Anirudh Ramachandran, Nick Feamster, College of Computing, Georgia Tech From the presses Botnets send masses

More information

WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY

WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY Dave Dubois, Global Security Product Management Version: 1.0, Jan 2018 A Multi-Layer Approach

More information

Unique Phishing Attacks (2008 vs in thousands)

Unique Phishing Attacks (2008 vs in thousands) The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half

More information

Review on Data Mining Techniques for Intrusion Detection System

Review on Data Mining Techniques for Intrusion Detection System Review on Data Mining Techniques for Intrusion Detection System Sandeep D 1, M. S. Chaudhari 2 Research Scholar, Dept. of Computer Science, P.B.C.E, Nagpur, India 1 HoD, Dept. of Computer Science, P.B.C.E,

More information

CHAPTER 3 A FAST K-MODES CLUSTERING ALGORITHM TO WAREHOUSE VERY LARGE HETEROGENEOUS MEDICAL DATABASES

CHAPTER 3 A FAST K-MODES CLUSTERING ALGORITHM TO WAREHOUSE VERY LARGE HETEROGENEOUS MEDICAL DATABASES 70 CHAPTER 3 A FAST K-MODES CLUSTERING ALGORITHM TO WAREHOUSE VERY LARGE HETEROGENEOUS MEDICAL DATABASES 3.1 INTRODUCTION In medical science, effective tools are essential to categorize and systematically

More information

Detection of Botnets Using Combined Host- and Network-Level Information

Detection of Botnets Using Combined Host- and Network-Level Information 201O IEEEIIFIP International Conference on Dependable Systems & Networks (DSN) Detection of Botnets Using Combined Host- and Network-Level Information Yuanyuan Zeng, Xin Hu, Kang G. Shin The University

More information

Exploring Gaussian and Triangular Primary Membership Functions in Non-Stationary Fuzzy Sets

Exploring Gaussian and Triangular Primary Membership Functions in Non-Stationary Fuzzy Sets Exploring Gaussian and Triangular Primary Membership Functions in Non-Stationary Fuzzy Sets S. Musikasuwan and J.M. Garibaldi Automated Scheduling, Optimisation and Planning Group University of Nottingham,

More information

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,

More information

Citation for published version (APA): Stevanovic, M., & Pedersen, J. M. (2013). Machine learning for identifying botnet network traffic.

Citation for published version (APA): Stevanovic, M., & Pedersen, J. M. (2013). Machine learning for identifying botnet network traffic. Aalborg Universitet Machine learning for identifying botnet network traffic Stevanovic, Matija; Pedersen, Jens Myrup Publication date: 2013 Document Version Accepted author manuscript, peer reviewed version

More information

A Fuzzy System for Adaptive Network Routing

A Fuzzy System for Adaptive Network Routing A Fuzzy System for Adaptive Network Routing A. Pasupuleti *, A.V. Mathew*, N. Shenoy** and S. A. Dianat* Rochester Institute of Technology Rochester, NY 14623, USA E-mail: axp1014@rit.edu Abstract In this

More information

COUNTERMEASURE SELECTION FOR VIRTUAL NETWORK SYSTEMS USING NETWORK INTRUSION DETECTION

COUNTERMEASURE SELECTION FOR VIRTUAL NETWORK SYSTEMS USING NETWORK INTRUSION DETECTION International Journal of Computer Engineering and Applications, Volume IX, Issue VIII, August 2015 www.ijcea.com ISSN 2321-3469 COUNTERMEASURE SELECTION FOR VIRTUAL NETWORK SYSTEMS USING NETWORK INTRUSION

More information

K-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection

K-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection K-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection Zhenghui Ma School of Computer Science The University of Birmingham Edgbaston, B15 2TT Birmingham, UK Ata Kaban School of Computer

More information

A Novel Image Classification Model Based on Contourlet Transform and Dynamic Fuzzy Graph Cuts

A Novel Image Classification Model Based on Contourlet Transform and Dynamic Fuzzy Graph Cuts Appl. Math. Inf. Sci. 6 No. 1S pp. 93S-97S (2012) Applied Mathematics & Information Sciences An International Journal @ 2012 NSP Natural Sciences Publishing Cor. A Novel Image Classification Model Based

More information

Detecting Malicious Hosts Using Traffic Flows

Detecting Malicious Hosts Using Traffic Flows Detecting Malicious Hosts Using Traffic Flows Miguel Pupo Correia joint work with Luís Sacramento NavTalks, Lisboa, June 2017 Motivation Approach Evaluation Conclusion Outline 2 1 Outline Motivation Approach

More information

Chapter 10: Denial-of-Services

Chapter 10: Denial-of-Services Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different

More information

Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric

Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric HeyShanthiniPandiyaKumari.S 1, Rajitha Nair.P 2 1 (Department of Computer Science &Engineering,

More information

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks 2 WHAT IS A DDOS-ATTACK AND WHY ARE THEY DANGEROUS? Today's global network is a dynamically developing

More information

MITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES

MITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES MITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES 1 Kalavathy.D, 2 A Gowthami, 1 PG Scholar, Dept Of CSE, Salem college of engineering and technology, 2 Asst Prof, Dept Of CSE,

More information

MITIGATION OF DENIAL OF SERVICE ATTACK USING ICMP BASED IP TRACKBACK. J. Gautam, M. Kasi Nivetha, S. Anitha Sri and P. Madasamy

MITIGATION OF DENIAL OF SERVICE ATTACK USING ICMP BASED IP TRACKBACK. J. Gautam, M. Kasi Nivetha, S. Anitha Sri and P. Madasamy MITIGATION OF DENIAL OF SERVICE ATTACK USING ICMP BASED IP TRACKBACK J. Gautam, M. Kasi Nivetha, S. Anitha Sri and P. Madasamy Department of Information Technology, Velammal College of Engineering and

More information

Security: Worms. Presenter: AJ Fink Nov. 4, 2004

Security: Worms. Presenter: AJ Fink Nov. 4, 2004 Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like

More information

AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES

AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES Vol.5, No.1, pp. 81-90, 2014 doi: 10.7903/ijecs.1040 AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES Daniel J. Buehrer National Chung Cheng University 168 University Rd., Min-Hsiung Township, Chiayi County,

More information

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack J.Anbu selvan 1, P.Bharat 2, S.Mathiyalagan 3 J.Anand 4 1, 2, 3, 4 PG Scholar, BIT, Sathyamangalam ABSTRACT:

More information

A Taxonomy of Botnet Structures

A Taxonomy of Botnet Structures A Taxonomy of Botnet Structures Martin Lyckander martily 08/04/2016 About the paper David Dagon, Guofei Gu, Christopher P. Lee, Wenke Lee Georgia Institute of Technology Published in 2007 What is a botnet?

More information