Detecting Botnets with Tight Command and Control
Systems are attempting to detect botnets by examining traffic content for IRC commands or by setting up honeynets. Our approach for detecting botnets is to examine flow characteristics such as bandwidth, duration, and packet timing looking for evidence of botnet command and control activity. We have...
Saved in:

Main author: | Strayer, W.T.; Walsh, R.; Livadas, C.; Lapsley, D. |
---|---|
Format: | Conference Proceeding |
Language: | eng |
Subject headings: | Bandwidth; Command and control systems; Communication system traffic control; Computer networks; Control systems; Government; Hospitals; Information security; Internet; Timing |
Online access: | Order full text |
Field | Value |
---|---|
container_start_page | 195 |
container_end_page | 202 |
creator | Strayer, W.T.; Walsh, R.; Livadas, C.; Lapsley, D. |
description | Systems are attempting to detect botnets by examining traffic content for IRC commands or by setting up honeynets. Our approach for detecting botnets is to examine flow characteristics such as bandwidth, duration, and packet timing looking for evidence of botnet command and control activity. We have constructed an architecture that first eliminates traffic that is unlikely to be a part of a botnet, classifies the remaining traffic into a group that is likely to be part of a botnet, then correlates the likely traffic to find common communications patterns that would suggest the activity of a botnet. Our results show that botnet evidence can be extracted from a traffic trace containing almost 9 million flows |
doi_str_mv | 10.1109/LCN.2006.322100 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 0742-1303 |
ispartof | Proceedings. 2006 31st IEEE Conference on Local Computer Networks, 2006, p.195-202 |
issn | 0742-1303 |
language | eng |
recordid | cdi_ieee_primary_4116547 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Bandwidth; Command and control systems; Communication system traffic control; Computer networks; Control systems; Government; Hospitals; Information security; Internet; Timing |
title | Detecting Botnets with Tight Command and Control |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-12T12%3A59%3A05IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Detecting%20Botnets%20with%20Tight%20Command%20and%20Control&rft.btitle=Proceedings.%202006%2031st%20IEEE%20Conference%20on%20Local%20Computer%20Networks&rft.au=Strayer,%20W.T.&rft.date=2006-11&rft.spage=195&rft.epage=202&rft.pages=195-202&rft.issn=0742-1303&rft.isbn=9781424404186&rft.isbn_list=1424404185&rft_id=info:doi/10.1109/LCN.2006.322100&rft_dat=%3Cieee_6IE%3E4116547%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1424404193&rft.eisbn_list=9781424404193&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4116547&rfr_iscdi=true |