DocumentCode :
253052
Title :
Botnet detection using social graph analysis
Author :
Jing Wang ; Paschalidis, Ioannis C.
Author_Institution :
Div. of Syst. Eng., Boston Univ., Boston, MA, USA
fYear :
2014
fDate :
Sept. 30 2014-Oct. 3 2014
Firstpage :
393
Lastpage :
400
Abstract :
Signature-based botnet detection methods identify botnets by recognizing Command and Control (C&C) traffic and can be ineffective for botnets that use new and sophisticated mechanisms for such communications. To address these limitations, we propose a novel botnet detection method that analyzes the social relationships among nodes. The method consists of two stages: (i) anomaly detection in an "interaction" graph among nodes using large deviations results on the degree distribution, and (ii) community detection in a social "correlation" graph whose edges connect nodes with highly correlated communications. The latter stage uses a refined modularity measure and formulates the problem as a non-convex optimization problem for which appropriate relaxation strategies are developed. We apply our method to real-world botnet traffic and compare its performance with other community detection methods. The results show that our approach works effectively and the refined modularity measure improves the detection accuracy.
Keywords :
concave programming; graph theory; invasive software; relaxation; anomaly detection; botnet detection method; botnet traffic; community detection methods; interaction graph; nonconvex optimization problem; refined modularity measure; relaxation strategies; social correlation graph; social graph analysis; social relationship analysis; Communities; Computer crime; Correlation; Erbium; Image edge detection; Monitoring; Vectors; Network anomaly detection; cyber-security; optimization; random graphs; social networks;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communication, Control, and Computing (Allerton), 2014 52nd Annual Allerton Conference on
Conference_Location :
Monticello, IL
Type :
conf
DOI :
10.1109/ALLERTON.2014.7028482
Filename :
7028482