Botnet Behavior Detection using Network Synchronism

Authors
García, Sebastián; Zunino, Alejandro; Campo, Marcelo
Year of publication
2010
Language
English
Resource type
conference paper
Status
published version
Description
Botnets' diversity and dynamism challenge detection and classification algorithms, which depend heavily on the botnet's protocol and can quickly become avoidable. A more general detection method, then, was needed. We propose an analysis of their most inherent characteristics, like synchronism and network load, combined with a detailed analysis of error rates. Not relying on any specific botnet technology or protocol, our classification approach sought to detect synchronic behavioral patterns in network traffic flows and clustered them based on botnet characteristics. Different botnet and normal captures were taken and a time slice approach was used to successfully separate them. Results show that botnet and normal computers' traffic can be accurately detected by our approach, thus enhancing detection effectiveness.
Publisher
Sociedad Argentina de Informática e Investigación Operativa
Subject
Computer Science
Botnet
detection
clustering
EM algorithm
security
Access level
open access
Terms of use
http://creativecommons.org/licenses/by-nc-sa/4.0/
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
Repository
SEDICI (UNLP)
Institution
Universidad Nacional de La Plata
OAI Identifier
oai:sedici.unlp.edu.ar:10915/152798

Pages
1739-1750
Format
application/pdf
Identifier
http://sedici.unlp.edu.ar/handle/10915/152798
Alternate identifier (PDF)
http://39jaiio.sadio.org.ar/sites/default/files/39-jaiio-ast-21.pdf
ISSN
1850-2806