DocumentCode :
651679
Title :
Collaborative approach for inter-domain botnet detection in large-scale networks
Author :
Guerid, Hachem ; Mittig, Karel ; Serhrouchni, Ahmed
Author_Institution :
Orange Labs., Caen, France
fYear :
2013
fDate :
20-23 Oct. 2013
Firstpage :
279
Lastpage :
288
Abstract :
The members of almost all botnets are distributed between several networks. Such distribution hardens their detection as the centralized approaches require to centralize network data for their analysis, which is indeed not possible in regard to the legacy and business constraints applied to network operators. In this paper, we propose a collaborative and inter-domain botnet detection system which conciliates the requirements of privacy and business preservation, while enabling real-time analysis for large-scale networks. The different probes of our collaborative detection system exchange anonymised information in order to synchronize the network analysis of the members of botnets and to identify the malicious servers controlling them. We evaluated our system using anonymised traffic captured on an operator's network, and the results showed an improvement of 31% of malicious servers detected resulting from the collaboration, and this without significant performance impact and bandwidth overhead (respectively 4% and 11kb/s).
Keywords :
computer network security; data privacy; groupware; invasive software; telecommunication traffic; anonymised information exchange; anonymised traffic; business preservation; centralized approach; collaborative approach; collaborative detection system; interdomain botnet detection system; large-scale network real time analysis; malicious server identification; privacy preservation; Collaboration; Communities; Monitoring; Privacy; Probes; Servers; Vectors; Bloom filters; Botnet detection; Collaborative detection; Domain-flux botnets; Inter-domain detection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference on
Conference_Location :
Austin, TX
Type :
conf
Filename :
6679994