完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.author | Wang, Kuochen | en_US |
dc.contributor.author | Huang, Chun-Ying | en_US |
dc.contributor.author | Lin, Shang-Jyh | en_US |
dc.contributor.author | Lin, Ying-Dar | en_US |
dc.date.accessioned | 2014-12-08T15:26:13Z | - |
dc.date.available | 2014-12-08T15:26:13Z | - |
dc.date.issued | 2011-10-27 | en_US |
dc.identifier.issn | 1389-1286 | en_US |
dc.identifier.uri | http://dx.doi.org/10.1016/j.comnet.2011.05.026 | en_US |
dc.identifier.uri | http://hdl.handle.net/11536/18606 | - |
dc.description.abstract | Botnet has become a popular technique for deploying Internet crimes. Although signature-based bot detection techniques are accurate, they could be useless when bot variants are encountered. Therefore, behavior-based detection techniques become attractive due to their ability to detect bot variants and even unknown bots. In this paper, we propose a behavior-based botnet detection system based on fuzzy pattern recognition techniques. We intend to identify hot-relevant domain names and IP addresses by inspecting network traces. If domain names and IP addresses used by botnets can be identified, the information can be further used to prevent protected hosts from becoming one member of a botnet. To work with fuzzy pattern recognition techniques, we design several membership functions based on frequently observed bots' behavior including: (1) generate failed DNS queries; (2) have similar DNS query intervals; (3) generate failed network connections; and (4) have similar payload sizes for network connections. Membership functions can be easily altered, removed, or added to enhance the capability of the proposed system. In addition, to improve the overall system performance, we develop a traffic reduction algorithm to reduce the amount of network traffic required to be inspected by the proposed system. Performance evaluation results based on real traces show that the proposed system can reduce more than 70% input raw packet traces and achieve a high detection rate (about 95%) and a low false positive rates (0-3.08%). Furthermore, the proposed FPRF algorithm is resource-efficient and can identify inactive botnets to indicate potential vulnerable hosts. (C) 2011 Elsevier B.V. All rights reserved. | en_US |
dc.language.iso | en_US | en_US |
dc.subject | Botnet | en_US |
dc.subject | Fuzzy pattern recognition | en_US |
dc.subject | Network security | en_US |
dc.subject | Real trace analysis | en_US |
dc.title | A fuzzy pattern-based filtering algorithm for botnet detection | en_US |
dc.type | Article | en_US |
dc.identifier.doi | 10.1016/j.comnet.2011.05.026 | en_US |
dc.identifier.journal | COMPUTER NETWORKS | en_US |
dc.citation.volume | 55 | en_US |
dc.citation.issue | 15 | en_US |
dc.citation.spage | 3275 | en_US |
dc.citation.epage | 3286 | en_US |
dc.contributor.department | 資訊工程學系 | zh_TW |
dc.contributor.department | Department of Computer Science | en_US |
dc.identifier.wosnumber | WOS:000295435500005 | - |
dc.citation.woscount | 5 | - |
顯示於類別: | 期刊論文 |