Abstract
With large scale botnets emerging as one of the major current threats, the automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. Faced with high speed network connections, detecting botnets must be efficient and accurate. This paper proposes a novel approach for this task, where NetFlow related data is correlated and a host dependency model is leveraged for advanced data mining purposes. We extend the popular linkage analysis algorithm PageRank [27] with an additional clustering process in order to efficiently detect stealthy botnets using peer-to-peer communication infrastructures and not exhibiting large volumes of traffic. The key conceptual component in our approach is to analyze communication behavioral patterns and to infer potential botnet activities. © 2011 IFIP International Federation for Information Processing.
Author supplied keywords
Cite
CITATION STYLE
François, J., Wang, S., State, R., & Engel, T. (2011). BotTrack: Tracking botnets using netflow and pageRank. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6640 LNCS, pp. 1–14). https://doi.org/10.1007/978-3-642-20757-0_1
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
