A Detection Method for Botnet based on Behavior Features
Weiming Li, Songlin Xie, Jie Luo, Xiaodong Zhu
Available Online April 2013.
- https://doi.org/10.2991/icsem.2013.100How to use a DOI?
- network security, botnet, behaviors feature, similarity
- How to detect Botnet has become a very important problem in security network. The existent detection methods based on network traffic and host behaviors can’t handle the emergency Botnets. In this paper we present an optimized method to analyze the similarity and time period of Botnets behaviors. In the end, our method gets an effective result. Our method uses the IDS-like architecture, which develops six specific components to detect six important Botnets abnormal behaviors. And it builds correlation rules to calculate match score. Through the experiments described in the paper, we can see that our method can not only detect already known Botnets precisely, but also detect unknown Botnets to some extent. The experiments prove that our method is effective and it has some advantages compared with other methods. At last, the paper proposes the future direction and the points that need to be improved.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY - CONF AU - Weiming Li AU - Songlin Xie AU - Jie Luo AU - Xiaodong Zhu PY - 2013/04 DA - 2013/04 TI - A Detection Method for Botnet based on Behavior Features BT - 2nd International Conference On Systems Engineering and Modeling (ICSEM-13) PB - Atlantis Press SP - 512 EP - 517 SN - 1951-6851 UR - https://doi.org/10.2991/icsem.2013.100 DO - https://doi.org/10.2991/icsem.2013.100 ID - Li2013/04 ER -