An algorithm for anomaly-based botnet detection

Cited by: 0
Authors
Binkley, James R. [1 ]
Singh, Suresh [1 ]
Affiliation
[1] Portland State Univ, Dept Comp Sci, Portland, OR 97207 USA
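Keywords
DOI
Not available
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract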
We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in channels. We sort the channels by the number of scanners, producing a sorted list of potential botnets. This algorithm has been deployed in PSU's DMZ for over a year and has proven effective in reducing the number of botnet clients.
Pages: 43 / +
Page count: 3
Related papers
50 in total
  • [31] Anomaly-Based Intrusion Detection of Protocol-Aware Jamming
    Lichtman, Marc
    Reed, Jeffrey H.
    2015 IEEE MILITARY COMMUNICATIONS CONFERENCE (MILCOM 2015), 2015, : 269 - 274
  • [32] A Genetic Clustering Technique for Anomaly-Based Intrusion Detection Systems
    Aissa, Naila Belhadj
    Guerroumi, Mohamed
    2015 16TH IEEE/ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING (SNPD), 2015, : 87 - 92
  • [33] Anomaly-Based Intrusion Detection System for Ad hoc Networks
    Korba, Abdelaziz Amara
    Nafaa, Mehdi
    Ghamri-Doudane, Yacine
    2016 7TH INTERNATIONAL CONFERENCE ON THE NETWORK OF THE FUTURE (NOF), 2016,
  • [34] Anomaly-based network intrusion detection: Techniques, systems and challenges
    Garcia-Teodoro, P.
    Diaz-Verdejo, J.
    Macia-Fernandez, G.
    Vazquez, E.
    COMPUTERS & SECURITY, 2009, 28 (1-2) : 18 - 28
  • [35] Anomaly-Based Risk Detection Using Digital News Articles
    Pointner, Andreas
    Spitzer, Eva-Maria
    Krauss, Oliver
    Stoeckl, Andreas
    INTELLIGENT SYSTEMS AND APPLICATIONS, VOL 1, 2023, 542 : 1 - 16
  • [36] An anomaly-based approach for DDoS attack detection in cloud environment
    Rawashdeh, Adnan
    Alkasassbeh, Mouhammd
    Al-Hawawreh, Muna
    INTERNATIONAL JOURNAL OF COMPUTER APPLICATIONS IN TECHNOLOGY, 2018, 57 (04) : 312 - 324
  • [37] Measuring normality in HTTP traffic for anomaly-based intrusion detection
    Estévez-Tapiador, JM
    García-Teodoro, P
    Díaz-Verdejo, JE
    COMPUTER NETWORKS, 2004, 45 (02) : 175 - 193
  • [38] Anomaly-based Intrusion Detection using Distributed intelligent systems
    Morel, Benoit
    CRISIS: 2008 THIRD INTERNATIONAL CONFERENCE ON RISKS AND SECURITY OF INTERNET AND SYSTEMS, PROCEEDINGS, 2008, : 37 - 44
  • [39] ADroid: anomaly-based detection of malicious events in Android platforms
    Ruiz-Heras, A.
    Garcia-Teodoro, P.
    Sanchez-Casado, L.
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2017, 16 (04) : 371 - 384
  • [40] An Initial Investigation on Sliding Windows for Anomaly-Based Intrusion Detection
    Zoppi, Tommaso
    Ceccarelli, Andrea
    Bondavalli, Andrea
    2019 IEEE WORLD CONGRESS ON SERVICES (IEEE SERVICES 2019), 2019, : 99 - 104