Title : 
Detection of botnets using combined host- and network-level information
         
        
            Author : 
Yuanyuan Zeng ; Xin Hu ; Shin, K.G.
         
        
            Author_Institution : 
Univ. of Michigan, Ann Arbor, MI, USA
         
        
        
            Date : 
June 28 2010-July 1 2010
         
        
        
        
            Abstract : 
Bots are coordinated by a command and control (C&C) infrastructure to launch attacks that seriously threaten the Internet services and users. Most botnet-detection approaches function at the network level and require the analysis of packets' payloads, raising privacy concerns and incurring large computational overheads. Moreover, network traffic analysis alone can seldom provide a complete picture of botnets' behavior. By contrast, in-host detection approaches are useful to identify each bot's host-wide behavior, but are susceptible to the host-resident malware if used alone. To address these limitations, we consider both the coordination within a botnet and the malicious behavior each bot exhibits at the host level, and propose a C&C protocol-independent detection framework that combines host- and network-level information for making detection decisions. The framework is shown to be effective in detecting various types of botnets with low false-alarm rates.
         
        
            Keywords : 
Internet; computer network security; invasive software; telecommunication traffic; Internet services; botnets; command and control infrastructure; host level information; host resident malware; network level information; network traffic analysis; packets payloads; privacy concerns; Command and control systems; Computer worms; Counting circuits; Inspection; Protocols; Relays; Storms; Telecommunication traffic; Web and internet services; Web server;
         
        
        
        
            Conference_Title : 
Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on
         
        
            Conference_Location : 
Chicago, IL
         
        
            Print_ISBN : 
978-1-4244-7500-1
         
        
            Electronic_ISBN : 
978-1-4244-7499-8
         
        
        
            DOI : 
10.1109/DSN.2010.5544306