Open Access. Powered by Scholars. Published by Universities.®


Network traffic

Articles 1 - 2 of 2

Full-Text Articles in Engineering

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic, Guofei Gu, Junjie Zhang, Wenke Lee Feb 2008


Computer Science and Engineering Faculty Publications

Botnets are now recognized as one of the most serious security threats. In contrast to previous malware, botnets have the characteristic of a command and control (C&C) channel. Botnets also often use existing common protocols, e.g., IRC and HTTP, in protocol-conforming manners. This makes the detection of botnet C&C a challenging problem. In this paper, we propose an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses. This detection approach can identify both the C&C servers and infected hosts in the network. Our …


BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection, Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee Jan 2008


Computer Science and Engineering Faculty Publications

Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques. In this paper, we present a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). We start from the definition and essential …
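Both abstracts above rest on the same observation: bots in one LAN that share a C&C channel behave alike on the wire (same endpoint, regular timing, similar message sizes), and that group behaviour can be spotted without a protocol signature or a known server address, yielding both the suspected server and the suspected infected hosts. The toy detector below illustrates that idea over flow records. It is an added example written for this listing, not code from BotSniffer or BotMiner, and it does not reproduce either paper's actual algorithm; the flow records, IP addresses and thresholds (`max_gap_cv`, `size_tol`, `min_hosts`) are constructed assumptions.

```python
"""
Toy group-behaviour detector over constructed flow records.

Idea (shared by the two abstracts above, simplified here): with no protocol
signature and no known server address, look for a set of LAN hosts that
contact the same external endpoint with regular inter-flow timing and
similar payload sizes. The shared endpoint is the candidate C&C server; the
group members are the candidate infected hosts.

Added example, not code from BotSniffer or BotMiner.
"""
from collections import defaultdict
from statistics import mean, pstdev


def flows_for(src, dst, dport, times, sizes):
    """Build (start_time_s, src, dst, dport, bytes) records for one host."""
    return [(t, src, dst, dport, b) for t, b in zip(times, sizes)]


# Constructed sample traffic (all addresses are documentation ranges):
#  - 10.0.0.11-13 beacon to 203.0.113.7:80 every ~300 s with ~250-byte flows
#  - 10.0.0.21 visits the same endpoint a few times, irregularly (not a bot)
#  - 10.0.0.20 and 10.0.0.22 browse 198.51.100.5:443 with irregular timing
FLOWS = (
    flows_for("10.0.0.11", "203.0.113.7", 80, [0, 300, 601, 899, 1200], [250, 248, 252, 250, 249])
    + flows_for("10.0.0.12", "203.0.113.7", 80, [10, 311, 609, 910, 1211], [251, 249, 250, 252, 248])
    + flows_for("10.0.0.13", "203.0.113.7", 80, [20, 320, 620, 919, 1220], [249, 250, 251, 250, 250])
    + flows_for("10.0.0.21", "203.0.113.7", 80, [50, 60, 700], [8000, 9000, 7500])
    + flows_for("10.0.0.20", "198.51.100.5", 443, [5, 40, 45, 400, 410], [1200, 30000, 4500, 800, 15000])
    + flows_for("10.0.0.22", "198.51.100.5", 443, [100, 130, 900, 905], [2200, 18000, 900, 6400])
)


def per_pair_features(flows):
    """Return {(src, dst, dport): (flow_count, mean_gap, gap_cv, mean_bytes)}.

    gap_cv is the coefficient of variation of inter-flow gaps: near 0 means
    the host talks to that endpoint on a fixed period (beacon-like).
    """
    by_pair = defaultdict(list)
    for t, src, dst, dport, nbytes in flows:
        by_pair[(src, dst, dport)].append((t, nbytes))
    feats = {}
    for pair, recs in by_pair.items():
        recs.sort()
        times = [t for t, _ in recs]
        sizes = [b for _, b in recs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue  # too few flows to say anything about regularity
        mg = mean(gaps)
        cv = pstdev(gaps) / mg if mg > 0 else float("inf")
        feats[pair] = (len(recs), mg, cv, mean(sizes))
    return feats


def find_cc_groups(flows, min_hosts=2, max_gap_cv=0.2, size_tol=0.3):
    """Group sources by (dst, dport); keep sources with regular timing whose
    mean flow size sits within size_tol of the group's median; report every
    endpoint that retains at least min_hosts such sources.

    Returns {(dst, dport): sorted list of suspected infected hosts}.
    Thresholds are illustrative assumptions, not values from the papers.
    """
    feats = per_pair_features(flows)
    by_endpoint = defaultdict(dict)
    for (src, dst, dport), f in feats.items():
        by_endpoint[(dst, dport)][src] = f
    results = {}
    for endpoint, srcs in by_endpoint.items():
        regular = {s: f for s, f in srcs.items() if f[2] <= max_gap_cv}
        if len(regular) < min_hosts:
            continue
        sizes = sorted(f[3] for f in regular.values())
        median = sizes[len(sizes) // 2]
        members = sorted(s for s, f in regular.items()
                         if abs(f[3] - median) <= size_tol * median)
        if len(members) >= min_hosts:
            results[endpoint] = members
    return results


if __name__ == "__main__":
    for (dst, dport), hosts in find_cc_groups(FLOWS).items():
        print(f"candidate C&C server {dst}:{dport}; candidate bots: {', '.join(hosts)}")
```

On the constructed traffic the only endpoint reported is 203.0.113.7:80 with hosts 10.0.0.11, 10.0.0.12 and 10.0.0.13; the one-off visitor 10.0.0.21 to the same server is dropped by the timing test, and the browsing hosts never form a regular group. Real deployments have to cope with legitimate periodic traffic (NTP, software update checks, monitoring agents), so a group-behaviour signal of this kind is a candidate generator that needs an allow list and further correlation, not a verdict on its own.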