论文信息 - Heuristics for Detecting Botnet Coordinated Attacks

Heuristics for Detecting Botnet Coordinated Attacks

This paper studies the analysis on the Cyber Clean Center (CCC) Data Set 2009, consisting of raw packets captured more than 90 independent honeypots, in order for detecting behavior of downloads and the port-scans. The analyses show that some new features of the coordinated attacks performed by Botnet, e.g., some particular strings contained in packets in downloading malwares, and the common patterns in downloading malwares from distributed servers. Based on the analysis, the paper proposes the heuristic techniques for detection of malwares made by Botnet coordinated attack and reports the accuracy of the proposed heuristics. The detection process is automated in the proposed decision tree consisting of statistics, such as, a number of total inbound packets, and an average rate of downloading malwares.

[1] Vinod Yegneswaran,et al. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation , 2007, USENIX Security Symposium.

[2] Stefan Savage,et al. Network Telescopes: Technical Report , 2004 .

[3] Vern Paxson,et al. Exploiting underlying structure for detailed reconstruction of an internet-scale event , 2005, IMC '05.

[4] Guofei Gu,et al. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic , 2008, NDSS.

[5] Donald F. Towsley,et al. Code red worm propagation modeling and analysis , 2002, CCS '02.

[6] Carrie Gates,et al. SWorD - A Simple Worm Detection Scheme , 2007, OTM Conferences.

[7] David Moore,et al. The Spread of the Witty Worm , 2004, IEEE Secur. Priv..

[8] Zhao Jun. Distributed Intrusion Detection System , 2006 .

[9] Hari Balakrishnan,et al. Fast portscan detection using sequential hypothesis testing , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[10] Stefan Savage,et al. Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[11] Vishal Malik,et al. Distributed intrusion detection system , 2002 .