A Multi-Layered Approach to Botnet Detection

– The goal of this research was to design a multi-layered architecture for the detection of a wide range of existing and new botnets. By not relying on a single technique but rather building in the ability to support multiple techniques, the goal is to be able to detect a wider array of bots and botnets than is possible with a single technique. The open architecture and API will allow any techniques designed by other researchers to be integrated. The goal is to use signature type techniques to detect well-known bots and botnets and data mining techniques to detect new classes and variants; i.e. anomaly or misuse detection.

[1]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[2]  Farnam Jahanian,et al.  The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets , 2005, SRUTI.

[3]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[4]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[5]  Suresh Singh,et al.  An Algorithm for Anomaly-based Botnet Detection , 2006, SRUTI.

[6]  Paul Helman,et al.  Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse , 1993, IEEE Trans. Software Eng..

[7]  Mitsuaki Akiyama,et al.  A Proposal of Metrics for Botnet Detection Based on Its Cooperative Behavior , 2007, 2007 International Symposium on Applications and the Internet Workshops.

[8]  Andreas Terzis,et al.  A multifaceted approach to understanding the botnet phenomenon , 2006, IMC '06.

[9]  Usama M. Fayyad,et al.  Knowledge Discovery in Databases: An Overview , 1997, ILP.