Research Article
Collaborative Approach for Inter-domain Botnet Detection in Large-scale Networks
@INPROCEEDINGS{10.4108/icst.collaboratecom.2013.254051,
  author={Hachem Guerid and Karel Mittig and Ahmed Serhrouchni},
  title={Collaborative Approach for Inter-domain Botnet Detection in Large-scale Networks},
  proceedings={9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
  publisher={ICST},
  proceedings_a={COLLABORATECOM},
  year={2013},
  month={11},
  keywords={botnet detection collaborative detection domain-flux botnets bloom filters inter-domain detection},
  doi={10.4108/icst.collaboratecom.2013.254051}
}
Authors: Hachem Guerid, Karel Mittig, Ahmed Serhrouchni
Year: 2013
COLLABORATECOM
IEEE
DOI: 10.4108/icst.collaboratecom.2013.254051
Abstract
The members of almost all botnets are distributed across several networks. This distribution makes them harder to detect, because centralized approaches require network data to be gathered in one place for analysis, which is not possible given the legacy and business constraints applied to network operators. In this paper, we propose a collaborative, inter-domain botnet detection system that reconciles the requirements of privacy and business preservation while enabling real-time analysis for large-scale networks. The probes of our collaborative detection system exchange anonymised information in order to synchronize the network analysis of botnet members and to identify the malicious servers controlling them. We evaluated our system using anonymised traffic captured on an operator's network. The results showed a 31% improvement in malicious servers detected as a result of the collaboration, without significant performance impact or bandwidth overhead (4% and 11kb/s, respectively).