Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Wang, Kuochen | en_US |
| dc.contributor.author | Huang, Chun-Ying | en_US |
| dc.contributor.author | Lin, Shang-Jyh | en_US |
| dc.contributor.author | Lin, Ying-Dar | en_US |
| dc.date.accessioned | 2014-12-08T15:26:13Z | - |
| dc.date.available | 2014-12-08T15:26:13Z | - |
| dc.date.issued | 2011-10-27 | en_US |
| dc.identifier.issn | 1389-1286 | en_US |
| dc.identifier.uri | http://dx.doi.org/10.1016/j.comnet.2011.05.026 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/18606 | - |
| dc.description.abstract | Botnet has become a popular technique for deploying Internet crimes. Although signature-based bot detection techniques are accurate, they could be useless when bot variants are encountered. Therefore, behavior-based detection techniques become attractive due to their ability to detect bot variants and even unknown bots. In this paper, we propose a behavior-based botnet detection system based on fuzzy pattern recognition techniques. We intend to identify bot-relevant domain names and IP addresses by inspecting network traces. If domain names and IP addresses used by botnets can be identified, the information can be further used to prevent protected hosts from becoming one member of a botnet. To work with fuzzy pattern recognition techniques, we design several membership functions based on frequently observed bots' behavior including: (1) generate failed DNS queries; (2) have similar DNS query intervals; (3) generate failed network connections; and (4) have similar payload sizes for network connections. Membership functions can be easily altered, removed, or added to enhance the capability of the proposed system. In addition, to improve the overall system performance, we develop a traffic reduction algorithm to reduce the amount of network traffic required to be inspected by the proposed system. Performance evaluation results based on real traces show that the proposed system can reduce more than 70% input raw packet traces and achieve a high detection rate (about 95%) and a low false positive rate (0-3.08%). Furthermore, the proposed FPRF algorithm is resource-efficient and can identify inactive botnets to indicate potential vulnerable hosts. (C) 2011 Elsevier B.V. All rights reserved. | en_US |
| dc.language.iso | en_US | en_US |
| dc.subject | Botnet | en_US |
| dc.subject | Fuzzy pattern recognition | en_US |
| dc.subject | Network security | en_US |
| dc.subject | Real trace analysis | en_US |
| dc.title | A fuzzy pattern-based filtering algorithm for botnet detection | en_US |
| dc.type | Article | en_US |
| dc.identifier.doi | 10.1016/j.comnet.2011.05.026 | en_US |
| dc.identifier.journal | COMPUTER NETWORKS | en_US |
| dc.citation.volume | 55 | en_US |
| dc.citation.issue | 15 | en_US |
| dc.citation.spage | 3275 | en_US |
| dc.citation.epage | 3286 | en_US |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| dc.contributor.department | Department of Computer Science | en_US |
| dc.identifier.wosnumber | WOS:000295435500005 | - |
| dc.citation.woscount | 5 | - |
Appears in Collections: Journal Articles


Files in This Item:

  1. 000295435500005.pdf

If the file is a zip archive, download and extract it, then open index.html in the extracted folder with a browser to view the full text.