CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis

Cited by: 39
Authors
Dietrich, Christian J. [1, 3]
Rossow, Christian [1, 2]
Pohlmann, Norbert [1]
Affiliations
[1] Univ Appl Sci Gelsenkirchen, Inst Internet Secur, D-45877 Gelsenkirchen, Germany
[2] Vrije Univ Amsterdam, Network Inst, Amsterdam, Netherlands
[3] Univ Erlangen Nurnberg, Dept Comp Sci, D-91054 Erlangen, Germany
Keywords
Botnet C&C; Botnet detection; Traffic analysis; Network security;
DOI
10.1016/j.comnet.2012.06.019
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
We present CoCoSpot, a novel approach to recognize botnet command and control channels solely based on traffic analysis features, namely carrier protocol distinction, message length sequences and encoding differences. Thus, CoCoSpot can deal with obfuscated and encrypted C&C protocols and complements current methods to fingerprint and recognize botnet C&C channels. Using average-linkage hierarchical clustering of labeled C&C flows, we show that for more than 20 recent botnets and over 87,000 C&C flows, CoCoSpot can recognize more than 88% of the C&C flows at a false positive rate below 0.1%. (c) 2012 Elsevier B.V. All rights reserved.
Pages: 475-486
Number of pages: 12