Research Article
Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations
@INPROCEEDINGS{10.1007/978-3-319-23829-6_13,
  author={Pieter Burghouwt and Marcel Spruit and Henk Sips},
  title={Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations},
  proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
  proceedings_a={SECURECOMM},
  year={2015},
  month={11},
  keywords={Botnets, Network intrusion detection, Anomaly detection},
  doi={10.1007/978-3-319-23829-6_13}
}
Authors: Pieter Burghouwt, Marcel Spruit, Henk Sips
Year: 2015
Venue: SECURECOMM (Springer)
DOI: 10.1007/978-3-319-23829-6_13
Abstract
We present a novel anomaly-based detection approach capable of detecting botnet Command and Control traffic in an enterprise network by estimating the trustworthiness of the traffic destinations. A traffic flow is classified as anomalous if its destination identifier does not originate from one of three sources: human input, prior traffic from a trusted destination, or a defined set of legitimate applications. This allows for real-time detection of diverse types of Command and Control traffic. The detection approach and its accuracy are evaluated by experiments in a controlled environment.
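The three-source trust rule stated in the abstract, as an added example that is not code from the paper: the event model (user-entered identifiers, identifiers referenced in replies from a destination, flows tagged with their originating application) and the sample timeline are assumptions made here to illustrate the rule, including the case where an untrusted destination tries to refer the host onward.

```python
from typing import List, Optional, Set


class DestinationTrustDetector:
    """Flags a flow whose destination has none of the abstract's three legitimate
    origins: human input, prior traffic from a trusted destination, or a
    defined set of legitimate applications."""

    def __init__(self, legitimate_apps: Set[str]) -> None:
        self.legitimate_apps = legitimate_apps  # source 3: whitelisted applications
        self.trusted: Set[str] = set()          # destinations earned via sources 1 and 2

    def human_input(self, dest: str) -> None:
        """Source 1: the identifier was typed or clicked by a user."""
        self.trusted.add(dest)

    def response_from(self, dest: str, referenced: List[str]) -> None:
        """Source 2: identifiers learnt from a reply of DEST (links, redirects, DNS
        answers). Trust propagates only from an already trusted DEST."""
        if dest in self.trusted:
            self.trusted.update(referenced)

    def is_anomalous(self, dest: str, app: Optional[str] = None) -> bool:
        """True when the flow to DEST has no legitimate origin."""
        return dest not in self.trusted and app not in self.legitimate_apps


# Constructed event timeline (not from the paper); 203.0.113.5 is a TEST-NET address.
SAMPLE_EVENTS = [
    ("human", "www.example.com"),
    ("flow", "www.example.com", "browser"),
    ("response", "www.example.com", ["cdn.example.net"]),
    ("flow", "cdn.example.net", "browser"),                  # trusted by referral
    ("flow", "update.vendor.example", "updater"),            # legitimate application
    ("flow", "203.0.113.5", "svchost_lookalike"),            # no origin: C&C candidate
    ("response", "203.0.113.5", ["fallback.example"]),       # referral from untrusted dest
    ("flow", "fallback.example", "svchost_lookalike"),       # still anomalous
]


def run_events(events, legitimate_apps=frozenset({"updater"})) -> List[str]:
    """Replay a timeline and return the destinations flagged as anomalous, in order."""
    det = DestinationTrustDetector(set(legitimate_apps))
    flagged: List[str] = []
    for kind, dest, *rest in events:
        if kind == "human":
            det.human_input(dest)
        elif kind == "response":
            det.response_from(dest, rest[0])
        elif kind == "flow" and det.is_anomalous(dest, rest[0] if rest else None):
            flagged.append(dest)
    return flagged
```

Because trust only propagates from destinations that are already trusted, the referral issued by the unknown address does not whitelist its fallback host, which is the property that lets the rule catch a C&C channel that rotates servers.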
Copyright © 2014–2024 ICST