Title :
Enhancing Network Based Bot Detection with Contextual Information
Author :
Kawaguchi, Nobutaka ; Okouchi, Kazuya ; Nakakoji, Hirofumi ; Kito, Tetsuro ; Shigemoto, Tomonori ; Terada, Masato
Author_Institution :
Syst. Dev. Lab., Hitachi, Ltd., Kawasaki, Japan
Abstract :
In this paper, we propose a bot detection method that enhances the traffic analysis of a network-based IDS (NIDS) with process contextual information obtained from the monitored machines. Existing NIDS classify as bots those hosts suspected of performing both Command and Control (C&C) communication and infection activities. However, this approach cannot conduct analysis at a finer granularity than the IP address level, which leads to false positives and false negatives. To address this problem, the proposed method enables the NIDS to achieve process-grained detection by feeding it contextual information about the processes that perform the network activities. Through experiments using a prototype implementation on Xen and a bot sample, we demonstrate that the proposed method detects bots appropriately.
Keywords :
IP networks; command and control systems; computer network security; telecommunication traffic; IP address; NIDS classification; Xen; command and control communication; finer grained analysis; infection activity; network based IDS; network based bot detection; process contextual information; process grained detection; prototype implementation; traffic analysis; IP networks; Malware; Monitoring; Postal services; Servers; Virtual machining; bot detection; security;
Conference_Titel :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
DOI :
10.1109/SAINT.2010.106