An enhanced model for network flow based botnet detection

Research output: Chapter in Book/Report/Conference proceeding > Conference proceeding contribution

2 Citations (Scopus)

Abstract

A botnet is a group of hijacked computers operated under a command and control mechanism administered by a botmaster. Botnets evolved from IRC-based centralized designs to employing common protocols such as HTTP with decentralized architectures, and then to peer-to-peer designs. As botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. We also make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lower overheads and are vendor neutral.

Original language: English
Title of host publication: Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015
Editors: David Parry
Place of Publication: Sydney
Publisher: Australian Computer Society
Pages: 101-110
Number of pages: 10
Volume: 159
ISBN (Print): 9781921770418
Publication status: Published - 2015
Event: Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015 - Sydney, Australia
Duration: 27 Jan 2015 to 30 Jan 2015

Publication series

Name: Conferences in Research and Practice in Information Technology
Volume: 159
ISSN (Print): 1445-1336

Other

Other: Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015
Country: Australia
City: Sydney
Period: 27/01/15 to 30/01/15


  • Cite this

    Wijesinghe, U., Tupakula, U., & Varadharajan, V. (2015). An enhanced model for network flow based botnet detection. In D. Parry (Ed.), Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015 (Vol. 159, pp. 101-110). (Conferences in Research and Practice in Information Technology; Vol. 159). Sydney: Australian Computer Society.