Research Article
Mimicking Attack Detection at Hybrid Level
@ARTICLE{10.4108/eai.13-7-2018.164630, author={V Rama Krishna and R Subhashini}, title={Mimicking Attack Detection at Hybrid Level}, journal={EAI Endorsed Transactions on Energy Web}, volume={7}, number={30}, publisher={EAI}, journal_a={EW}, year={2020}, month={5}, keywords={Botnet, Mimicking attack, semi-markov model, Ips}, doi={10.4108/eai.13-7-2018.164630} }
- V Rama Krishna
R Subhashini
Year: 2020
Mimicking Attack Detection at Hybrid Level
EW
EAI
DOI: 10.4108/eai.13-7-2018.164630
Abstract
Botnets are becoming an easy way of creating multiple attacks. One of them was botnets simulate the behaviour that is very near to the legitimate users. Previous research found through semi-Markov model it was difficult to detect mimicking attack based on browsing statistics if attacking bots were sufficiently large in number [1]. By using Bots attackers will collect the user profiles from multiple systems. Bot master (attacker) will study statistics and Bot master will prepare a common profile (or) multiple profiles similar to the user activities. In the next phase, bot master injects profile into user systems through bots. If bot master injects common profile across all bot injected system then the attack was considered as a homogeneous mimicking attack. If bot master injects multiple profiles to the bot injected systems the attack was considered a heterogeneous mimicking attack. As part of our study, we simulated the mimicking attack and worked on detecting at multiple levels. We have developed algorithms of detecting at a server level [2] and the gateway level [3]. In this paper, we are going to discuss the merits and demerits of these two detection algorithms and proposing another architecture module hybrid level detection. Which will be spread across servers and gateway which will have the bird view of activities happening in the network. It collects the statistics from different network elements and based on the analysis of the trace of the bot activities will identify mimicking attack.
Copyright © 2020 V Rama Krishna et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.