Botnet Command and Control Traffic Detection Challenges: A Correlation-based Solution

IBRAHIM, GHAFIR and MOHAMMAD, HAMMOUDEH and VACLAV, PRENOSIL (2016) Botnet Command and Control Traffic Detection Challenges: A Correlation-based Solution. In: Fourth International Conference on Advances in Computing, Electronics and Communication - ACEC 2016, 15-16 December 2016, Rome, Italy.

[img]
Preview
Text
20161227_042801.pdf - Published Version

Download (658kB) | Preview
Official URL: https://www.seekdl.org/conferences/paper/details/8...

Abstract

While high-speed computer networking and the Internet brought great convenience, a number of security challenges also emerged with these technologies. Amongst different computer network security threats, like viruses and worms, botnets have become one of the most malicious threats over the Internet. In this paper, we describe key research challenges in developing effective intrusion detection systems for botnet command and control traffic detection. Then, we outline a new approach to address such challenges, which is based on voting between intrusion detection methods to collaboratively identify command and control traffic. Each detection method analyzes the network traffic to detect one technique used for command and control communications. Four detection methods are initially investigated, these are: malicious IP address, malicious SSL certificate, domain flux and Tor connection detection. Initial analysis shows that the proposed voting-based intrusion detection significantly reduces the number of false positive alerts.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Cyber attacks, malware, botnet, command and control server, intrusion detection system.
Depositing User: Mr. John Steve
Date Deposited: 18 Mar 2019 11:08
Last Modified: 18 Mar 2019 11:08
URI: http://publications.theired.org/id/eprint/620

Actions (login required)

View Item View Item