An enhanced model for network flow based botnet detection

Udaya Wijesinghe; Udaya Tupakula; Vijay Varadharajan

An enhanced model for network flow based botnet detection

Udaya Wijesinghe, Udaya Tupakula, Vijay Varadharajan

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

4 Citations (Scopus)

Abstract

The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.

Original language	English
Title of host publication	Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015
Editors	David Parry
Place of Publication	Sydney
Publisher	Australian Computer Society
Pages	101-110
Number of pages	10
Volume	159
ISBN (Print)	9781921770418
Publication status	Published - 2015
Event	Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015 - Sydney, Australia Duration: 27 Jan 2015 → 30 Jan 2015

Publication series

Name	Conferences in Research and Practice in Information Technology
Volume	159
ISSN (Print)	1445-1336

Other

Other	Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015
Country/Territory	Australia
City	Sydney
Period	27/01/15 → 30/01/15

Cite this

@inproceedings{27b658985b944b7595e5c8d55b9915ef,

title = "An enhanced model for network flow based botnet detection",

abstract = "The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.",

author = "Udaya Wijesinghe and Udaya Tupakula and Vijay Varadharajan",

year = "2015",

language = "English",

isbn = "9781921770418",

volume = "159",

series = "Conferences in Research and Practice in Information Technology",

publisher = "Australian Computer Society",

pages = "101--110",

editor = "David Parry",

booktitle = "Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015",

address = "Australia",

note = "Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015 ; Conference date: 27-01-2015 Through 30-01-2015",

}

Wijesinghe, U, Tupakula, U & Varadharajan, V 2015, An enhanced model for network flow based botnet detection. in D Parry (ed.), Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015. vol. 159, Conferences in Research and Practice in Information Technology, vol. 159, Australian Computer Society, Sydney, pp. 101-110, Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015, Sydney, Australia, 27/01/15.

An enhanced model for network flow based botnet detection. / Wijesinghe, Udaya; Tupakula, Udaya; Varadharajan, Vijay.
Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015. ed. / David Parry. Vol. 159 Sydney: Australian Computer Society, 2015. p. 101-110 (Conferences in Research and Practice in Information Technology; Vol. 159).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - An enhanced model for network flow based botnet detection

AU - Wijesinghe, Udaya

AU - Tupakula, Udaya

AU - Varadharajan, Vijay

PY - 2015

Y1 - 2015

N2 - The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.

AB - The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.

UR - http://www.scopus.com/inward/record.url?scp=84943169802&partnerID=8YFLogxK

M3 - Conference proceeding contribution

AN - SCOPUS:84943169802

SN - 9781921770418

VL - 159

T3 - Conferences in Research and Practice in Information Technology

SP - 101

EP - 110

BT - Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015

A2 - Parry, David

PB - Australian Computer Society

CY - Sydney

T2 - Proceedings of the 38th Australasian Computer Science Conference, ACSC 2015

Y2 - 27 January 2015 through 30 January 2015

ER -

An enhanced model for network flow based botnet detection

Abstract

Publication series

Other

Other files and links

Fingerprint

Cite this