DocumentCode :
3035570
Title :
Effective Flow Filtering for Botnet Search Space Reduction
Author :
Walsh, Robert ; Lapsley, David ; Strayer, W. Timothy
Author_Institution :
BBN Technol., Cambridge, MA
fYear :
2009
fDate :
3-4 March 2009
Firstpage :
141
Lastpage :
149
Abstract :
The use of sophisticated techniques is essential to detect and identify the presence of botnet flows, but these techniques can be expensive in computational and memory resources. A critical first pass is to filter out all traffic that is highly unlikely to be part of a botnet, allowing the more complex algorithms to run over a much smaller set of flows. This paper presents our studies and experience in filtering flows to reduce the botnet search space, and shows that a series of simple filters can provide as much as a 37-fold reduction in the flow set.
Keywords :
Internet; information filtering; security of data; botnet search space reduction; complex algorithms; flow filtering; Assembly; Command and control systems; Computer security; Filtering; Filters; Internet; Machine learning; Pipelines; Space technology; Telecommunication traffic; Investigative Prevention Technologies; Network Attack Forensics; Traceback;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
Type :
conf
DOI :
10.1109/CATCH.2009.22
Filename :
4804437