Title :
Online Botnet Detection by Continuous Similarity Monitoring
Author :
Yu, Xiaocong ; Dong, Xiaomei ; Yu, Ge ; Qin, Yuhai ; Yue, Dejun ; Zhao, Yan
Author_Institution :
Sch. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China
Abstract :
Botnet detection has attracted a lot of attention, but few works have considered online detection. In this paper, we propose a novel approach that can monitor botnet activities in real time. We define the concept of "feature stream" to describe raw network traffic. If some feature streams show high similarities, the corresponding hosts are regarded as suspicious bots and added to the candidate bot set to confirm the final results. The experimental evaluations show that our approach can detect botnet activities successfully with high efficiency and a low false positive rate.
Keywords :
Internet; security of data; telecommunication security; telecommunication traffic; Internet security threats; continuous similarity monitoring; feature stream; network traffics; online botnet detection; Command and control systems; Databases; Electronic commerce; Information analysis; Information science; Internet; Monitoring; Network servers; Security; Telecommunication traffic; Discrete Fourier Transform; botnet detection; online style; similarity;
Conference_Title :
Information Engineering and Electronic Commerce, 2009. IEEC '09. International Symposium on
Conference_Location :
Ternopil
Print_ISBN :
978-0-7695-3686-6
DOI :
10.1109/IEEC.2009.35