Publisher
IEEE, 2008
Authors
Mohammad M. Masud, Tahseen Al-Khateeb, Latifur Khan
Article Title
Flow-based Identification of Botnet Traffic by Mining Multiple Log Files
Proceedings Name
Proceedings of The First International Conference on Distributed Frameworks and Applications (DFmA 2008), 21-22 October 2008, USM, Penang, Malaysia
Language
English
Abstract (Indonesian)
Abstract (English)
Botnet detection and disruption has been a major research topic in recent years. One effective technique for botnet detection is to identify Command and Control (C&C) traffic, which is sent from a C&C center to infected hosts (bots) to control the bots. If this traffic can be detected, both the C&C center and the bots it controls can be detected and the botnet can be disrupted. We propose a multiple log-file based temporal correlation technique for detecting C&C traffic. Our main assumption is that bots respond much faster than humans. By temporally correlating two host-based log files, we are able to detect this property and thereby detect bot activity in a host machine. In our experiments we apply this technique to log files produced by tcpdump and exedump, which record all incoming and outgoing network packets, and the start times of application executions at the host machine, respectively. We apply data mining to extract relevant features from these log files and detect C&C traffic. Our experimental results validate our assumption and show better overall performance when compared to other recently published techniques.
Keywords
Malware, botnet, intrusion detection, data timing
Year
2008
Call Number
SEM-305