Abstract
Botnet threats include a plethora of possible attacks ranging from distributed denial of service (DDoS), to drive-by-download malware distribution and spam. While for over two decades, techniques have been proposed for either improving accuracy or speeding up the detection of attacks, much of the damage is done by the time attacks are contained. In this work we take a new direction which aims to predict forthcoming attacks (i.e. before they occur), providing early warnings to network administrators who can then prepare to contain them as soon as they manifest or simply quarantine hosts. Our approach is based on modelling the Botnet infection sequence as a Markov chain with the objective of identifying behaviour that is likely to lead to attacks. We present the results of applying a Markov model to real world Botnets' data, and show that with this approach we are successfully able to predict more than 98% of attacks from a variety of Botnet families with a very low false alarm rate.
Original language | English |
---|---|
Title of host publication | IEEE 41st Conference on Local Computer Networks, LCN 2016 |
Subtitle of host publication | proceedings |
Place of Publication | Piscataway |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 61-68 |
Number of pages | 8 |
ISBN (Electronic) | 9781509020546 |
ISBN (Print) | 9781509020553 |
DOIs | |
Publication status | Published - 22 Dec 2016 |
Externally published | Yes |
Event | 41st IEEE Conference on Local Computer Networks, LCN 2016 - Dubai, United Arab Emirates Duration: 7 Nov 2016 → 10 Nov 2016 |
Conference
Conference | 41st IEEE Conference on Local Computer Networks, LCN 2016 |
---|---|
Country/Territory | United Arab Emirates |
City | Dubai |
Period | 7/11/16 → 10/11/16 |
Keywords
- attack prediction
- Botnet
- Markov chain