About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
ew 20(30): e9

Research Article

Mimicking Attack Detection at Hybrid Level

Download925 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.13-7-2018.164630,
        author={V Rama Krishna and R Subhashini},
        title={Mimicking Attack Detection at Hybrid Level},
        journal={EAI Endorsed Transactions on Energy Web},
        volume={7},
        number={30},
        publisher={EAI},
        journal_a={EW},
        year={2020},
        month={5},
        keywords={Botnet, Mimicking attack, semi-markov model, Ips},
        doi={10.4108/eai.13-7-2018.164630}
    }
    
  • V Rama Krishna
    R Subhashini
    Year: 2020
    Mimicking Attack Detection at Hybrid Level
    EW
    EAI
    DOI: 10.4108/eai.13-7-2018.164630
V Rama Krishna1,*, R Subhashini2
  • 1: Research Scholar, School of Computing, Sathyabama Institute of Science and Technology, Chennai, India
  • 2: Professor of Information Technology, Sathyabama Institute of Science and Technology, Chennai, India
*Contact email: ramakrishnav2525@gmail.com

Abstract

Botnets are becoming an easy way of creating multiple attacks. One of them was botnets simulate the behaviour that is very near to the legitimate users. Previous research found through semi-Markov model it was difficult to detect mimicking attack based on browsing statistics if attacking bots were sufficiently large in number [1]. By using Bots attackers will collect the user profiles from multiple systems. Bot master (attacker) will study statistics and Bot master will prepare a common profile (or) multiple profiles similar to the user activities. In the next phase, bot master injects profile into user systems through bots. If bot master injects common profile across all bot injected system then the attack was considered as a homogeneous mimicking attack. If bot master injects multiple profiles to the bot injected systems the attack was considered a heterogeneous mimicking attack. As part of our study, we simulated the mimicking attack and worked on detecting at multiple levels. We have developed algorithms of detecting at a server level [2] and the gateway level [3]. In this paper, we are going to discuss the merits and demerits of these two detection algorithms and proposing another architecture module hybrid level detection. Which will be spread across servers and gateway which will have the bird view of activities happening in the network. It collects the statistics from different network elements and based on the analysis of the trace of the bot activities will identify mimicking attack.

Keywords
Botnet, Mimicking attack, semi-markov model, Ips
Received
2020-03-16
Accepted
2020-04-27
Published
2020-05-20
Publisher
EAI
http://dx.doi.org/10.4108/eai.13-7-2018.164630

Copyright © 2020 V Rama Krishna et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.

EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL