Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations

Spruit, M.E.M. (Marcel); Burghouwt, Pieter; Sips, Henk

Samenvatting

We present a novel anomaly-based detection approach capable
of detecting botnet Command and Control traffic in an enterprise
network by estimating the trustworthiness of the traffic destinations.
A traffic flow is classified as anomalous if its destination identifier does
not origin from: human input, prior traffic from a trusted destination, or
a defined set of legitimate applications. This allows for real-time detection
of diverse types of Command and Control traffic. The detection
approach and its accuracy are evaluated by experiments in a controlled
environment.

Trefwoorden

botnets Network intrusion detection Anomaly detection

Thema

ICT & Media

Organisatie	De Haagse Hogeschool
Afdeling	Faculteit IT & Design
Lectoraat	Lectoraat Cyber Security & Safety

Gepubliceerd in	Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering Springer, Cham, Pagina's: 174-182
Datum	2015-08-11
Type	Conferentiebijdrage
ISBN	978-3-319-23829-6
Taal	Engels

Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations

Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations

Samenvatting

Misschien ook interessant voor jou?

Ensembles of incremental learners to detect anomalies in ad hoc sensor networks

Adviesrapport SAM-Oplossing [IDS/IPS implementatie bij het MKB]

Countering Ransomware Using Anomaly Detection of Endpoint Events