Online Version - Last Updated - 20 Jan 2012 |
 |
| Home |
| |
| Procedures and Resources for Authors |
|
| Information and Resources for Volume Editors |
| |
| Orders and Subscriptions |
| |
| Published Articles |
|
| Upcoming Volumes |
| |
| Contact Us |
| |
| Useful External Links |
| |
| CRPIT Site Search |
An Enhanced Model for Network Flow Based Botnet Detection
Wijesinghe, U., Tupakula, U. and Varadharajan, V.
The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.
Cite as: Wijesinghe, U., Tupakula, U. and Varadharajan, V. (2015). An Enhanced Model for Network Flow Based Botnet Detection. In Proc. 38th Australasian Computer Science Conference (ACSC 2015) Sydney, Australia. CRPIT, 159. Parry, D. Eds., ACS. 101-110
(from crpit.com)
(local if available)
