Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations
Summary
We present a novel anomaly-based detection approach capable of detecting botnet Command and Control traffic in an enterprise network by estimating the trustworthiness of the traffic destinations. A traffic flow is classified as anomalous if its destination identifier does not originate from one of three sources: human input, prior traffic from a trusted destination, or a defined set of legitimate applications. This allows for real-time detection of diverse types of Command and Control traffic. The detection approach and its accuracy are evaluated by experiments in a controlled environment.
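The classification rule in the summary, as an added toy illustration that is not code from the paper: destinations are trusted when they come from human input, are learned from a reply sent by an already-trusted destination, or are contacted by an allow-listed application; every other flow is flagged. The host names, the application names and the event sequence are constructed for the example.

```python
# Added example (not from the paper): a toy version of the destination-trust
# rule. A destination is trusted if it came from human input, was learned from
# traffic with an already-trusted destination, or is contacted by an
# allow-listed application; any other flow is flagged as anomalous.
from dataclasses import dataclass, field


@dataclass
class DestinationTrust:
    # Hypothetical allow-list of applications permitted to contact destinations
    # without a human origin (e.g. an update agent). Names are constructed.
    app_allowlist: set = field(default_factory=set)
    trusted: set = field(default_factory=set)

    def human_input(self, destination):
        """Destination typed or clicked by a user: trusted by definition."""
        self.trusted.add(destination)

    def learned_from(self, source, destination):
        """Destination seen in a reply (link, redirect, DNS answer) from
        `source`; it inherits trust only if `source` is already trusted."""
        if source in self.trusted:
            self.trusted.add(destination)
            return True
        return False

    def classify(self, app, destination):
        """Return 'ok' for a trusted flow and 'anomalous' otherwise."""
        if destination in self.trusted or app in self.app_allowlist:
            return "ok"
        return "anomalous"


def demo():
    """Replay a constructed event sequence and return the verdict per flow."""
    dt = DestinationTrust(app_allowlist={"updater"})
    dt.human_input("news.example")                  # user typed the site
    dt.learned_from("news.example", "cdn.example")  # page referenced its CDN
    dt.learned_from("evil.example", "c2.example")   # untrusted source: no trust
    return {
        "browser->news.example": dt.classify("browser", "news.example"),
        "browser->cdn.example": dt.classify("browser", "cdn.example"),
        "updater->update.example": dt.classify("updater", "update.example"),
        "unknown-proc->c2.example": dt.classify("unknown-proc", "c2.example"),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow}: {verdict}")
```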
Organisation | De Haagse Hogeschool
Department | Faculteit IT & Design
Research group | Lectoraat Cyber Security & Safety
Published in | Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Springer, Cham, pages 174-182
Date | 2015-08-11
Type | Conference contribution
ISBN | 978-3-319-23829-6
Language | English