2,624 research outputs found
PeerHunter: Detecting Peer-to-Peer Botnets through Community Behavior Analysis
Peer-to-peer (P2P) botnets have become one of the major threats in network
security for serving as the infrastructure that responsible for various of
cyber-crimes. Though a few existing work claimed to detect traditional botnets
effectively, the problem of detecting P2P botnets involves more challenges. In
this paper, we present PeerHunter, a community behavior analysis based method,
which is capable of detecting botnets that communicate via a P2P structure.
PeerHunter starts from a P2P hosts detection component. Then, it uses mutual
contacts as the main feature to cluster bots into communities. Finally, it uses
community behavior analysis to detect potential botnet communities and further
identify bot candidates. Through extensive experiments with real and simulated
network traces, PeerHunter can achieve very high detection rate and low false
positives.Comment: 8 pages, 2 figures, 11 tables, 2017 IEEE Conference on Dependable and
Secure Computin
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
Over the last decade botnets survived by adopting a sequence of increasingly
sophisticated strategies to evade detection and take overs, and to monetize
their infrastructure. At the same time, the success of privacy infrastructures
such as Tor opened the door to illegal activities, including botnets,
ransomware, and a marketplace for drugs and contraband. We contend that the
next waves of botnets will extensively subvert privacy infrastructure and
cryptographic mechanisms. In this work we propose to preemptively investigate
the design and mitigation of such botnets. We first, introduce OnionBots, what
we believe will be the next generation of resilient, stealthy botnets.
OnionBots use privacy infrastructures for cyber attacks by completely
decoupling their operation from the infected host IP address and by carrying
traffic that does not leak information about its source, destination, and
nature. Such bots live symbiotically within the privacy infrastructures to
evade detection, measurement, scale estimation, observation, and in general all
IP-based current mitigation techniques. Furthermore, we show that with an
adequate self-healing network maintenance scheme, that is simple to implement,
OnionBots achieve a low diameter and a low degree and are robust to
partitioning under node deletions. We developed a mitigation technique, called
SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and
discuss a set of techniques that can enable subsequent waves of Super
OnionBots. In light of the potential of such botnets, we believe that the
research community should proactively develop detection and mitigation methods
to thwart OnionBots, potentially making adjustments to privacy infrastructure.Comment: 12 pages, 8 figure
Deep fused flow and topology features for botnet detection basing on pretrained GCN
Nowadays, botnets have become one of the major threats to cyber security. The
characteristics of botnets are mainly reflected in bots network behavior and
their intercommunication relationships. Existing botnet detection methods use
flow features or topology features individually, which overlook the other type
of feature. This affects model performance. In this paper, we propose a botnet
detection model which uses graph convolutional network (GCN) to deeply fuse
flow features and topology features for the first time. We construct
communication graphs from network traffic and represent nodes with flow
features. Due to the imbalance of existing public traffic flow datasets, it is
impossible to train a GCN model on these datasets. Therefore, we use a balanced
public communication graph dataset to pretrain a GCN model, thereby
guaranteeing its capacity for identify topology features. We then feed the
communication graph with flow features into the pretrained GCN. The output from
the last hidden layer is treated as the fusion of flow and topology features.
Additionally, by adjusting the number of layers in the GCN network, the model
can effectively detect botnets under both C2 and P2P structures. Validated on
the public ISCX2014 dataset, our approach achieves a remarkable recall rate
92.90% and F1-score 92.76% for C2 botnets, alongside recall rate 94.66% and
F1-score of 92.35% for P2P botnets. These results not only demonstrate the
effectiveness of our method, but also outperform the performance of the
currently leading detection models
Botnet Detection Using Graph Based Feature Clustering
Detecting botnets in a network is crucial because bot-activities impact numerous areas such as security, finance, health care, and law enforcement. Most existing rule and flow-based detection methods may not be capable of detecting bot-activities in an efficient manner. Hence, designing a robust botnet-detection method is of high significance. In this study, we propose a botnet-detection methodology based on graph-based features. Self-Organizing Map is applied to establish the clusters of nodes in the network based on these features. Our method is capable of isolating bots in small clusters while containing most normal nodes in the big-clusters. A filtering procedure is also developed to further enhance the algorithm efficiency by removing inactive nodes from bot detection. The methodology is verified using real-world CTU-13 and ISCX botnet datasets and benchmarked against classification-based detection methods. The results show that our proposed method can efficiently detect the bots despite their varying behaviors
Review on Botnet Threat Detection in P2P
Botnets are nothing but the malicious codes such as viruses which are used for attacking the computers. These are act as threats and are very harmful. Due to distributed nature of botnets, it is hard to detect them in peer-to-peer networks. So we require the smarter technique to detect such threats. The automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. This paper gives the review on the various techniques used to detect such botnets.
DOI: 10.17762/ijritcc2321-8169.15026
- …