Event graphs for the observation of botnet traffic

Submitted by grigby1 on Wed, 06/20/2018 - 11:50am

Title	Event graphs for the observation of botnet traffic
Publication Type	Conference Paper
Year of Publication	2017
Authors	Acarali, D., Rajarajan, M., Komninos, N., Herwono, I.
Conference Name	2017 8th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)
Date Published	oct
Keywords	Algorithm design and analysis, bot programs, Botnet, botnet traffic, computer network security, computer security, Correlation, cyber-crime campaigns, event graphs, graph theory, host machines, Human Behavior, Image edge detection, Information security, Malware, malware analysis, Metrics, network event correlation method, network resources, network vulnerabilities, privacy, pubcrawl, resilience, Resiliency, sensitive information, statistical flow-based analysis, telecommunication traffic
Abstract	Botnets are a growing threat to the security of data and services on a global level. They exploit vulnerabilities in networks and host machines to harvest sensitive information, or make use of network resources such as memory or bandwidth in cyber-crime campaigns. Bot programs by nature are largely automated and systematic, and this is often used to detect them. In this paper, we extend upon existing work in this area by proposing a network event correlation method to produce graphs of flows generated by botnets, outlining the implementation and functionality of this approach. We also show how this method can be combined with statistical flow-based analysis to provide a descriptive chain of events, and test on public datasets with an overall success rate of 94.1%.
URL	https://ieeexplore.ieee.org/document/8117179/
DOI	10.1109/IEMCON.2017.8117179
Citation Key	acarali_event_2017

Groups:

Science of Security VO