DDoS Attacks with Randomized Traffic Innovation: Botnet Identification Challenges and Strategies

Distributed Denial-of-Service (DDoS) attacks are usually launched through the $botnet$, an "army" of compromised nodes hidden in the network. Inferential tools for DDoS mitigation should accordingly enable an early and reliable discrimination of the normal users from the compromised ones. Unfortunately, the recent emergence of attacks performed at the application layer has multiplied the number of possibilities that a botnet can exploit to conceal its malicious activities. New challenges arise, which cannot be addressed by simply borrowing the tools that have been successfully applied so far to earlier DDoS paradigms. In this work, we offer basically three contributions: $i)$ we introduce an abstract model for the aforementioned class of attacks, where the botnet emulates normal traffic by continually learning admissible patterns from the environment; $ii)$ we devise an inference algorithm that is shown to provide a consistent (i.e., converging to the true solution as time progresses) estimate of the botnet possibly hidden in the network; and $iii)$ we verify the validity of the proposed inferential strategy over $real$ network traces.Comment: Submitted for publicatio

Revealing the Feature Influence in HTTP Botnet Detection

Botnet are identified as one of most emerging threats due to Cybercriminals work diligently to make most of the part of the users’ network of computers as their target. In conjunction to that, many researchers has conduct a lot of study regarding on the botnets and ways to detect botnet in network traffic. Most of them only used the feature inside the system without mentioning the feature influence in botnet detection. Selecting a significant feature are important in botnet detection as it can increase the accuracy of detection. Besides, existing research focusses more on the technique of recognition rather than uncovering the purpose behind the selection. Therefore, this paper will reveal the influence feature in botnet detection using statistical method. The result obtained showed the accuracy is about 91% which is approximately acceptable to use the influence feature in detecting botnet activity

Revealing Influenced Selected Feature for P2P Botnet Detection

P2P botnet has become a serious security threat for computer networking systems. Botnet attack causes a great financial loss and badly impact the information and communication technology (ICT) system. Current botnet detection mechanisms have limitations and flaws to deal with P2P botnets which famously known for their complexity and scalable attack. Studies show that botnets behavior can be detected based on several detection features. However, some of the feature parameters may not represent botnet behavior and may lead to higher false alarm detection rate. In this paper, we reveal selected feature that influences P2P botnets detection. The result obtained by selecting features shows detection attack rate of 99.74%

CAREER: adaptive intrusion detection systems

Issued as final reportNational Science Foundation (U.S.