Different Techniques to Detect Botnet

Botnets are now considered as one of the most serious security threats. In contrast to previous malware, botnets have the characteristics of command and control (C&C) channel. Botnets usually use existing common protocols, eg IRC, HTTP and in protocol conforming manners, this makes the detection of botnet C&C a difficult problem. In this paper we tend to proposed 3 techniques specifically signature based detection, firewall IP blocking and anomaly based detection so as to detect bot and provide secure network services to the users

Botnet Detection using Social Graph Analysis

Signature-based botnet detection methods identify botnets by recognizing Command and Control (C\&C) traffic and can be ineffective for botnets that use new and sophisticate mechanisms for such communications. To address these limitations, we propose a novel botnet detection method that analyzes the social relationships among nodes. The method consists of two stages: (i) anomaly detection in an "interaction" graph among nodes using large deviations results on the degree distribution, and (ii) community detection in a social "correlation" graph whose edges connect nodes with highly correlated communications. The latter stage uses a refined modularity measure and formulates the problem as a non-convex optimization problem for which appropriate relaxation strategies are developed. We apply our method to real-world botnet traffic and compare its performance with other community detection methods. The results show that our approach works effectively and the refined modularity measure improves the detection accuracy.Comment: 7 pages. Allerton Conferenc

The Challenges in SDN/ML Based Network Security : A Survey

Machine Learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire SDN. Compromising the models is consequently a very desirable goal. Previous surveys have been done on either adversarial machine learning or the general vulnerabilities of SDNs but not both. Through examination of the latest ML-based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.Comment: 8 pages. arXiv admin note: substantial text overlap with arXiv:1705.0056

A Review-Botnet Detection and Suppression in Clouds

Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets is well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. Botnet attacks degrade the status of Internet security. Clouds provide botmaster with an ideal environment of rich computing resources where it can easily deploy or remove C&C server and perform attacks.  It is of vital importance for cloud service providers to detect botnet,  prevent attack,  and trace back to the botmaster.  It also becomes necessary to detect and suppress these bots to protect the clouds. This paper provides the various botnet detection techniques and the comparison of various botnet detection techniques. It also provides the botnet suppression technique in cloud. Keywords: Cloud computing, network security, botnet, botmmaster, botnet detection, botnet suppressio

Performance evaluation of DCA and SRC on a single bot detection

Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with malicious software termed a “bot”. In this paper, we investigate the correlation of behavioural attributes such as keylogging and packet flooding behaviour to detect the existence of a single bot on a compromised machine by applying (1) Spearman’s rank correlation (SRC) algorithm and (2) the Dendritic Cell Algorithm (DCA). We also compare the output results generated from these two methods to the detection of a single bot. The results show that the DCA has a better performance in detecting malicious activities

ActiBot: A Botnet to Evade Active Detection

In recent years, botnets have emerged as a serious threat on the Internet. Botnets are commonly used for exploits such as distributed denial of service (DDoS) attacks, identity theft, spam, and click fraud. The immense size of botnets, some consisting of hundreds of thousands of compromised computers, increases the speed and severity of attacks. Unlike passive behavior anomaly detection techniques, active botnet detection aims to collect evidence actively, in order to reduce detection time and increase accuracy. In this project, we develop and analyze a botnet that we call ActiBot, which can evade some types of active detection mechanisms. Future research will focus on using ActiBot to strengthen existing detection techniques

A P2P BOTNET VIRUS DETECTION SYSTEM BASED ON DATA-MINING ALGORITHMS

ABSTRACT A P2P botnet virus detection system based on data-mining algorithms is proposed in this study to detect the infected computers quickly using Bayes Classifier and Neural Network (NN) Classifier. The system can detect P2P botnet viruses in the early stage of infection and report to network managers to avoid further infection. The system adopts real-time flow identification techniques to detect traffic flows produced by P2P application programs and botnet viruses by comparing with the known flow patterns in the database. After trained by adjusting the system parameters using test samples, the experimental results show that the accuracy of Bayes Classifier is 95.78% and that of NN Classifier is 98.71% in detecting P2P botnet viruses and suspected flows to achieve the goal of infection control in a short time