dc.creator: García, Sebastián
dc.creator: Zunino, Alejandro
dc.creator: Campo, Marcelo
dc.date: 2010
dc.date: 2023-05-11T13:23:43Z
dc.date.accessioned: 2023-07-15T10:24:54Z
dc.date.available: 2023-07-15T10:24:54Z
dc.identifier: http://sedici.unlp.edu.ar/handle/10915/152798
dc.identifier: http://39jaiio.sadio.org.ar/sites/default/files/39-jaiio-ast-21.pdf
dc.identifier: issn:1850-2806
dc.identifier.uri: https://repositorioslatinoamericanos.uchile.cl/handle/2250/7491780
dc.description: Botnets' diversity and dynamism challenge detection and classification algorithms, which depend heavily on botnet protocols and can quickly become avoidable. A more general detection method, then, was needed. We propose an analysis of their most inherent characteristics, like synchronism and network load, combined with a detailed analysis of error rates. Not relying on any specific botnet technology or protocol, our classification approach sought to detect synchronic behavioral patterns in network traffic flows and clustered them based on botnet characteristics. Different botnet and normal captures were taken and a time slice approach was used to successfully separate them. Results show that botnet and normal computer traffic can be accurately detected by our approach, thus enhancing detection effectiveness.
dc.description: Sociedad Argentina de Informática e Investigación Operativa
dc.format: application/pdf
dc.format: 1739-1750
dc.language: en
dc.rights: http://creativecommons.org/licenses/by-nc-sa/4.0/
dc.rights: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
dc.subject: Computer Science
dc.subject: Botnet
dc.subject: detection
dc.subject: clustering
dc.subject: EM algorithm
dc.subject: security
dc.title: Botnet Behavior Detection using Network Synchronism
dc.type: Conference object

