
Detecting Encrypted Botnet Traffic Using Spatial-Temporal Correlation (cited by: 3)

Abstract: In this paper, we propose a novel method to detect encrypted botnet traffic. During the traffic preprocessing stage, the proposed payload extraction method identifies a large amount of encrypted application traffic and filters out a large amount of non-malicious traffic, greatly improving detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method then finds spatial-temporal correlations in the suspicious botnet traffic and makes an accurate judgment. Experimental results show that the false positive and false negative rates can be controlled within a certain range.
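The two stages the abstract describes, a payload-level filter that keeps only encrypted traffic and an SPRT that decides per host from spatially and temporally correlated flows, as an added example in Python. This is not the paper's code: the byte-entropy filter, the 60-second time bucket, the three-host correlation threshold and the SPRT parameters theta0, theta1, alpha and beta are assumptions chosen for illustration (the paper's own features and parameters are not on this page), and the sample flows are constructed.

```python
import math
from collections import defaultdict


def byte_entropy(payload: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (0 to 8)."""
    if not payload:
        return 0.0
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = len(payload)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(payload: bytes, threshold: float = 7.0) -> bool:
    """Assumed stand-in for the paper's payload extraction step: ciphertext is
    near-uniform over byte values, plaintext protocols sit far below 7 bits/byte."""
    return byte_entropy(payload) >= threshold


class SPRT:
    """Wald's sequential probability ratio test on Bernoulli observations.
    H0: the host is benign and a flow is 'suspicious' with probability theta0.
    H1: the host is a bot and a flow is 'suspicious' with probability theta1.
    alpha and beta are the tolerated false-positive and false-negative rates.
    All four defaults are assumptions for this example."""

    def __init__(self, theta0=0.1, theta1=0.7, alpha=0.01, beta=0.01):
        self.upper = math.log((1 - beta) / alpha)  # crossing it accepts H1 (bot)
        self.lower = math.log(beta / (1 - alpha))  # crossing it accepts H0 (benign)
        self.step_hit = math.log(theta1 / theta0)  # LLR gain per suspicious flow
        self.step_miss = math.log((1 - theta1) / (1 - theta0))  # LLR loss per normal flow
        self.llr = 0.0
        self.n = 0

    def update(self, suspicious: bool):
        """Fold in one observation; return 'bot', 'benign', or None to keep watching."""
        self.llr += self.step_hit if suspicious else self.step_miss
        self.n += 1
        if self.llr >= self.upper:
            return "bot"
        if self.llr <= self.lower:
            return "benign"
        return None


def detect(flows, bucket=60, min_hosts=3, **sprt_params):
    """flows: iterable of (timestamp_s, src_ip, dst_ip, payload).
    Spatial correlation: distinct sources reaching the same destination.
    Temporal correlation: within the same time bucket.
    A flow is 'suspicious' only when its payload looks encrypted AND at least
    min_hosts sources share that (bucket, destination). One SPRT runs per
    source host and stops as soon as it reaches a decision."""
    peers = defaultdict(set)
    for t, src, dst, _ in flows:
        peers[(t // bucket, dst)].add(src)
    tests, verdicts = {}, {}
    for t, src, dst, payload in sorted(flows):
        if src in verdicts:
            continue
        suspicious = looks_encrypted(payload) and len(peers[(t // bucket, dst)]) >= min_hosts
        test = tests.setdefault(src, SPRT(**sprt_params))
        decision = test.update(suspicious)
        if decision:
            verdicts[src] = (decision, test.n)
    return verdicts


# Constructed sample traffic, not real captures. bytes(range(256)) is a
# deterministic stand-in for ciphertext: every byte value once, entropy 8.0.
CIPHERTEXT = bytes(range(256))
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
C2, WEB, TLS_SITE = "203.0.113.10", "198.51.100.5", "198.51.100.9"

SAMPLE_FLOWS = (
    # three infected hosts beacon to the same C2 within the same minute, three times
    [(t, f"10.0.0.{h}", C2, CIPHERTEXT) for t in (0, 60, 120) for h in (1, 2, 3)]
    # one host browsing plaintext HTTP
    + [(t, "10.0.0.4", WEB, HTTP_GET) for t in (0, 60, 120, 180, 240)]
    # one host alone on an encrypted session: no spatial correlation, so never suspicious
    + [(t, "10.0.0.5", TLS_SITE, CIPHERTEXT) for t in (0, 60, 120, 180, 240)]
)

if __name__ == "__main__":
    for host, (verdict, n) in sorted(detect(SAMPLE_FLOWS).items()):
        print(f"{host}: {verdict} after {n} flows")
```

With these parameters the three beaconing hosts are flagged after three correlated encrypted flows each, and both benign hosts are cleared after five, the lone TLS user included, because the spatial condition is never met. The "controlled within a certain range" claim in the abstract is exactly what Wald's thresholds give: with A = (1 - beta)/alpha and B = beta/(1 - alpha), the realised error rates are bounded approximately by alpha and beta, at the cost of an undecided host consuming more observations. The caveat a practitioner should keep in mind is that popular legitimate TLS endpoints (CDNs, update servers) also show many hosts reaching one destination in one window; how much of that the preprocessing stage removes depends on the payload extraction and whitelisting the abstract only summarises.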
Source: China Communications (SCIE, CSCD), 2012, No. 10, pp. 49-59 (11 pages)
Funding: supported by the National Basic Research Program of China (973 Program) under Grant No. 2011CB302903 and the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No. YX002001
Keywords: botnet; encrypted traffic; spatial-temporal correlation; network traffic; correlation detection; encryption; sequential probability ratio test; spatio-temporal; traffic detection; extraction method
Related literature

References (3)

Secondary references (72)

  • 1. Wen Weiping, Qing Sihan, Jiang Jianchun, Wang Yejun. Research and development of Internet worms [J]. Journal of Software (软件学报), 2004, 15(8): 1208-1219. Cited by: 187
  • 2. Sun Yandong, Li Dong. A survey of botnets [J]. Computer Applications (计算机应用), 2006, 26(7): 1628-1630. Cited by: 29
  • 3. Porras P, Saidi H, Yegneswaran V. A foray into Conficker's logic and rendezvous points [R/OL]. Berkeley, CA: USENIX, 2009. [2011-06-10]. http://www.usenix.org/events/leet09/tech/full_papers/porras/porras_html/
  • 4. CNCERT. China Internet Network Security Report (中国互联网网络安全报告) [EB/OL]. 2011. [2011-06-10]. http://www.cert.org.cn/UserFiles/File/2010%20first%20half.pdf
  • 5. Symantec Inc. Symantec Global Internet Security Threat Report: Trends for 2009, Volume XV [EB/OL]. 2010. [2011-06-10]. http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
  • 6. Holz T, Gorecki C, Rieck C, et al. Detection and mitigation of fast-flux service networks [C] // Proc of the 15th Annual Network and Distributed System Security Symposium. Berkeley, CA: USENIX, 2008.
  • 7. Stone-Gross B, Cova M, Cavallaro L, et al. Your botnet is my botnet: Analysis of a botnet takeover [C] // Proc of the 16th ACM Conf on Computer and Communications Security. New York: ACM, 2009: 635-647.
  • 8. Cui Xiang, Fang Binxing, Yin Lihua, et al. Andbot: Towards advanced mobile botnets [C] // Proc of the 4th USENIX Workshop on Large-scale Exploits and Emergent Threats. Berkeley, CA: USENIX, 2011: No 11.
  • 9. Wang P, Sparks S, Zou C C. An advanced hybrid peer-to-peer botnet [C] // Proc of the 1st Workshop on Hot Topics in Understanding Botnets. Berkeley, CA: USENIX, 2007: No 2.
  • 10. Holz T, Steiner M, Dahl F, et al. Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm Worm [C] // Proc of the 1st USENIX Workshop on Large-scale Exploits and Emergent Threats. Berkeley, CA: USENIX, 2008: No 9.

Literature sharing references with this paper (233)

Literature co-cited with this paper (30)

  • 1. Wang Hailong, Hu Ning, Gong Zhenghu. Bot_CODA: A botnet collaborative detection architecture [J]. Journal on Communications (通信学报), 2009, 30(S1): 15-22. Cited by: 9
  • 2. Tsai M H, Chang K C, Lin C C, et al. C&C tracer: Botnet command and control behavior tracing [C] // 2011 IEEE International Conference on Systems, Man, and Cybernetics. Anchorage: IEEE, 2011: 9-12.
  • 3. Sroufe P, Phithakkitnukoon S, Dantu R, et al. Email shape analysis for spam botnet detection [C] // Proceedings of the 6th IEEE Consumer Communications and Networking Conference. Las Vegas: IEEE, 2009: 1-2.
  • 4. Gu Guofei, Zhang Junjie, Lee W. BotSniffer: Detecting botnet command and control channels in network traffic [C] // Proc of the 16th Annual Network and Distributed System Security Symposium. San Jose: DBLP, 2008: 193-210.
  • 5. Gu Guofei, Perdisci R, Zhang Junjie, et al. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection [C] // Proc of the 17th USENIX Security Symposium. San Jose: DBLP, 2008: 139-154.
  • 6. Fedynyshyn G, Chuah M C. Detection and classification of different botnet C&C channels [C] // ATC'11: Proceedings of the 8th International Conference on Autonomic and Trusted Computing. Banff: [s.n.], 2011: 228-242.
  • 7. Karasaridis A, Rexroad B, Hoeflin D, et al. Wide-scale botnet detection and characterization [C] // Proceedings of HotBots, the First Workshop on Hot Topics in Understanding Botnets. Berkeley: ACM, 2007: 1-8.
  • 8. Yen T F, Reiter M K. Traffic aggregation for malware detection [C] // Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin: Springer-Verlag, 2008: 207-227.
  • 9. Afgani M, Sinanovic S, Haas H. Anomaly detection using the Kullback-Leibler divergence metric [C] // Proceedings of the First International Symposium on Applied Sciences in Biomedical and Communication Technologies (ISABEL). Aalborg: IEEE, 2008: 25-28.
  • 10. He Xin, Yang Hua, Gui Xiaolin. The maximum coverage set calculated algorithm for WSN area coverage [J]. Journal of Networks, 2010, 5(6): 650-657.

Citing literature (3)

Secondary citing literature (32)
