Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 
 
    

An Enhanced Model for Network Flow Based Botnet Detection

Wijesinghe, U., Tupakula, U. and Varadharajan, V.

    A botnet is a group of hijacked computers that are employed under a command and control mechanism administered by a botmaster. Botnets have evolved from IRC-based centralized botnets to employing common protocols such as HTTP with decentralized architectures, and then to peer-to-peer designs. As botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. We also make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lower overhead and are vendor neutral.
Cite as: Wijesinghe, U., Tupakula, U. and Varadharajan, V. (2015). An Enhanced Model for Network Flow Based Botnet Detection. In Proc. 38th Australasian Computer Science Conference (ACSC 2015) Sydney, Australia. CRPIT, 159. Parry, D. Eds., ACS. 101-110