Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Wang, Kuochen | en_US |
| dc.contributor.author | Huang, Chun-Ying | en_US |
| dc.contributor.author | Tsai, Li-Yang | en_US |
| dc.contributor.author | Lin, Ying-Dar | en_US |
| dc.date.accessioned | 2019-04-03T06:40:35Z | - |
| dc.date.available | 2019-04-03T06:40:35Z | - |
| dc.date.issued | 2014-11-01 | en_US |
| dc.identifier.issn | 1939-0114 | en_US |
| dc.identifier.uri | http://dx.doi.org/10.1002/sec.898 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/123955 | - |
| dc.description.abstract | Botnet has become one major Internet security issue in recent years. Although signature-based solutions are accurate, it is not possible to detect bot variants in real-time. In this paper, we propose behavior-based botnet detection in parallel (BBDP). BBDP adopts a fuzzy pattern recognition approach to detect bots. It detects a bot based on anomaly behavior in domain name service (DNS) queries and transmission control protocol (TCP) requests. With the design objectives of being efficient and accurate, a bot is detected using the proposed five-stage process, including: (i) traffic reduction, which shrinks an input trace by deleting unnecessary packets; (ii) feature extraction, which extracts features from a shrunk trace; (iii) data partitioning, which divides features into smaller pieces; (iv) DNS detection phase, which detects bots based on DNS features; and (v) TCP detection phase, which detects bots based on TCP features. The detection phases, which consume approximately 90% of the total detection time, can be dispatched to multiple servers in parallel and make detection in real-time. The large scale experiments with the Windows Azure cloud service show that BBDP achieves a high true positive rate (95%+) and a low false positive rate (approximate to 3%). Meanwhile, experiments also show that the performance of BBDP can scale up linearly with the number of servers used to detect bots. Copyright (c) 2013 John Wiley & Sons, Ltd. | en_US |
| dc.language.iso | en_US | en_US |
| dc.subject | anomaly detection | en_US |
| dc.subject | behavior-based | en_US |
| dc.subject | botnet detection | en_US |
| dc.subject | cloud computing | en_US |
| dc.subject | fuzzy pattern recognition | en_US |
| dc.subject | parallel process | en_US |
| dc.title | Behavior-based botnet detection in parallel | en_US |
| dc.type | Article | en_US |
| dc.identifier.doi | 10.1002/sec.898 | en_US |
| dc.identifier.journal | SECURITY AND COMMUNICATION NETWORKS | en_US |
| dc.citation.volume | 7 | en_US |
| dc.citation.issue | 11 | en_US |
| dc.citation.spage | 1849 | en_US |
| dc.citation.epage | 1859 | en_US |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| dc.contributor.department | Department of Computer Science | en_US |
| dc.identifier.wosnumber | WOS:000344322100016 | en_US |
| dc.citation.woscount | 4 | en_US |

Appears in Collections: Articles


Files in This Item:

  1. a604a89233a52d89dc79035d20f79643.pdf
