Clustering botnet communication traffic based on n-gram feature selection
Abstract
Keywords
References
Symantec Internet Security Threat Report. <http://www.symantec.com/business/theme.jsp?themeid=threatreport>, 2008.
Taxonomy of Botnet Threats. <http://www.webbuyersguide.com/resource/white-paper/8021/Taxonomy-of-Botnet-Threats>.
K. Chiang, L. Lloyd, A case study of the rustock rootkit and spam bot, in: Proceedings of USENIX HotBots, 2007.
N. Daswani, M. Stoppelman, The anatomy of Clickbot.A, in: Proceedings of USENIX HotBots, 2007.
Sinit. <http://www.secureworks.com/research/threats/sinit/>, 2008.
Phatbot. <http://www.secureworks.com/research/threats/phatbot/>, 2008.
Nugache. <http://www.securityfocus.com/news/11390/>, 2008.
Storm Worm Analysis. <http://www.secureworks.com/research/blog/index.php/2007/09/12/analysisof-storm-worm-ddos-traffic/>.
T. Holz, M. Steiner, F. Dahl, E. Biersack, F. Freiling, Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm, in: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats.
G. Gu, R. Perdisci, J. Zhang, W. Lee, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection, in: Proceedings of the 17th USENIX Security Symposium (Security’08), 2008.
T. Strayer, D. Lapsley, R. Walsh, C. Livadas, Botnet Detection: Countering the Largest Security Threat, vol. 36, Chapter Botnet Detection Based on Network Behavior, Springer, 2008.
C. Livadas, R. Walsh, D. Lapsley, T. Strayer, Using machine learning techniques to identify botnet traffic, in: Proceedings 2006 31st IEEE Conference on Local Computer Networks, 2006, pp. 967–974.
W. Wang, B. Fang, Z. Zhang, C. Li, A novel approach to detect IRC-based botnets, in: International Conference on Networks Security, Wireless Communications and Trusted Computing, Wuhan, Hubei, 2009, pp. 408–411.
J. Goebel, T. Holz, Rishi: identify bot contaminated hosts by irc nickname evaluation, in: HotBots’07: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, Berkeley, CA, USA, 2007 (USENIX Association).
P. Sroufe, S. Phithakkitnukoon, R. Dantu, J. Cangussu, Email shape analysis for spam botnet detection, in: Sixth IEEE Consumer Communications and Networking Conference, Las Vegas, NV, January 2009, pp. 1–2.
A. Brodsky, D. Brodsky, A distributed content independent method for spam detection, in: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA, 2007, p. 3.
Y. Zhao, Y.L. Xie, F. Yu, Q.F. Ke, Y. Yu, Y. Chen, E. Gillum, BotGraph: large-scale spamming botnet detection, in: Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, 2008, pp. 321–334.
G. Gu, J. Zhang, W. Lee, BotSniffer: Detecting botnet command and control channels in network traffic, in: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS’08), 2008.
J.R. Binkley, S. Singh, An algorithm for anomaly-based botnet detection, in: USENIX SRUTI: 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet, 2006.
M.M. Masud, J. Gao, L. Khan, B. Thuraisingham, Peer to peer botnet detection for cyber-security: a data mining approach, in: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, Oak Ridge, Tennessee, 2008.
R. Villamarín-Salomón, J.C. Brustoloni, Bayesian bot detection based on DNS traffic similarity, in: Proceedings of the 2009 ACM Symposium on Applied Computing, Honolulu, Hawaii, 2009, pp. 2035–2041.
Y. Kugisaki, Y. Kasahara, Y. Hori, K. Sakurai, Bot detection based on traffic analysis, in: The 2007 International Conference on Intelligent Pervasive Computing, Jeju City, October 2007, pp. 303–306.
E. Stinson, J.C. Mitchell, Towards systematic evaluation of the evadability of bot/botnet detection methods, in: Workshop On Offensive Technologies (WOOT), San Jose, CA, USA, 2008.
H. Choi, H. Lee, H. Kim, Botnet detection by monitoring group activities in DNS traffic, in: International Conference on Computer and Information Technology, Aizu-Wakamatsu, Fukushima, 2007, pp. 715–720.
R. Villamarin-Salomon, J.C. Brustoloni, Identifying botnets using anomaly detection techniques applied to DNS traffic, in: Fifth IEEE Consumer Communications and Networking Conference, Las Vegas, NV, 2008, pp. 476–481.
IANA Port Numbers. <http://www.iana.org/assignments/port-numbers>, 2008.
Erman, Offline/realtime traffic classification using semi-supervised learning, Performance Evaluation 64 (2007) 1194, doi:10.1016/j.peva.2007.06.014.
Bernaille, Traffic classification on the fly, ACM SIGCOMM Computer Communication Review 36 (2006) 23, doi:10.1145/1129582.1129589.
L. Bernaille, R. Teixeira, Early recognition of encrypted applications, in: Proceedings of Passive and Active Measurement Conference (PAM 2007), Louvain-la-neuve, Belgium, 2007, pp. 165–175.
S. Sen, J. Wang, Analyzing peer-to-peer traffic across large networks, in: Proceedings of ACM SIGCOMM Internet Measurement Workshop, Marseilles, France, 2002.
A. Moore, K. Papagiannaki, Toward the accurate identification of network applications, in: Proceedings of 6th Passive and Active Measurement Workshop (PAM 2005), 2005.
T. Karagiannis, K. Papagiannaki, M. Faloutsos, BLINC: multilevel traffic classification in the dark, in: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Philadelphia, Pennsylvania, 2005, pp. 229–240.
Salgarelli, Comparing traffic classifiers, ACM SIGCOMM Computer Communication Review 37 (2008) 65, doi:10.1145/1273445.1273454.
Fred-eZone WiFi ISP. <http://www.fred-ezone.ca/>, 2008.
K. Wang, S. Stolfo, Anomalous payload-based network intrusion detection, in: Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID), Sophia Antipolis, France, 2004.
G.F. Gu, P. Porras, V. Yegneswaran, M. Fong, W.K. Lee, BotHunter: detecting malware infection through IDS-Driven dialog correlation, in: Proceedings of the 16th USENIX Security Symposium, Boston, MA, 2007.
Quinlan, 1993
M. Akiyama, T. Kawamoto, M. Shimamura, T. Yokoyama, Y. Kadobayashi, S. Yamaguchi, A proposal of metrics for botnet detection based on its cooperative behavior, in: Proceedings of the 2007 International Symposium on Applications and the Internet Workshops, 2007, pp. 82–85.
E. Eskin, Anomaly detection over noisy data using learned probability distributions, in: Proceedings of 17th International Conference on Machine Learning, pp. 255–262.
D. Pelleg, A. Moore, X-means: extending K-means with efficient estimation of the number of clusters, in: Proceedings of the Seventeenth International Conference on Machine Learning, 2000, pp. 727–734.
Kaiten. <http://packetstormsecurity.org/distributed/indexsize.html>, 2008.
BlackEnergy. <http://atlas-public.ec2.arbor.net/docs/BlackEnergy+DDoS+Bot+Analysis.pdf>.