Auto-Pattern Programmable Kernel Filter (Auto-PPKF) for Suppression of Bot Generated Traffic

Bots usually vary from their other malicious counterparts by periodically reporting to the botmaster through regular exchange of messages. Our experiments on bot attack generation showed a continuous exchange of packets with similar content between the botmaster and the zombie machine at various ti...

Bibliographic details
Published in: International journal of computer network and information security 2013-11, Vol.6 (1), p.48
Main authors: Kritika Govind, Selvakumar, S
Format: Article
Language: eng
Online access: Full text
container_end_page
container_issue 1
container_start_page 48
container_title International journal of computer network and information security
container_volume 6
creator Kritika Govind
Selvakumar, S
description Bots usually vary from their other malicious counterparts by periodically reporting to the botmaster through regular exchange of messages. Our experiments on bot attack generation showed a continuous exchange of packets with similar content between the botmaster and the zombie machine at various time intervals. Though there were also genuine packets with similar content being sent out of the victim machine, the challenge was to differentiate between the two and pass only the genuine ones. In this paper, an algorithm, namely Auto-Pattern Programmable Kernel Filter (Auto-PPKF), is proposed for automatic detection of patterns from packet payload, in order to filter out malicious packets generated by bots. The significant feature of our proposed Auto-PPKF algorithm is that the malicious pattern is deduced at kernel level on the fly from packet payload. Traditional algorithms such as Boyer-Moore, Knuth-Morris-Pratt, and Naive Pattern search require the pattern to be identified and available a priori. Currently, the Longest Common Subsequence (LCS) algorithm stands as the most preferred algorithm for pattern matching. But the disadvantage is that common sequences can also exist in many genuine packets. Hence, the challenge lies in automatic detection of malicious patterns and filtering of the packets having such malicious patterns. This would not only cut off the communication between the botmaster and the zombie machine, but also prevent user information from being sent to the botmaster.
doi_str_mv 10.5815/ijcnis.2013.01.07
format Article
publisher Hong Kong: Modern Education and Computer Science Press
rights Copyright Modern Education and Computer Science Press Nov 2013
date 2013-11-01
oa free_for_read
fulltext fulltext
identifier ISSN: 2074-9090
ispartof International journal of computer network and information security, 2013-11, Vol.6 (1), p.48
issn 2074-9090
2074-9104
language eng
recordid cdi_proquest_journals_1623898191
source Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
title Auto-Pattern Programmable Kernel Filter (Auto-PPKF) for Suppression of Bot Generated Traffic
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T15%3A45%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Auto-Pattern%20Programmable%20Kernel%20Filter%20(Auto-PPKF)%20for%20Suppression%20of%20Bot%20Generated%20Traffic&rft.jtitle=International%20journal%20of%20computer%20network%20and%20information%20security&rft.au=Kritika%20Govind&rft.date=2013-11-01&rft.volume=6&rft.issue=1&rft.spage=48&rft.pages=48-&rft.issn=2074-9090&rft.eissn=2074-9104&rft_id=info:doi/10.5815/ijcnis.2013.01.07&rft_dat=%3Cproquest%3E3494133661%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1623898191&rft_id=info:pmid/&rfr_iscdi=true