Conference: International symposium on cyberspace safety and security

Detection of Covert Botnet Command and Control Channels by Causal Analysis of Traffic Flows

Abstract

The Command and Control communication of a botnet is evolving into sophisticated covert communication. Techniques such as encryption, steganography, and recently the use of social network websites as a proxy, impede conventional detection of botnet communication. In this paper we propose detection of covert communication by passive host-external analysis of causal relationships between traffic flows and prior traffic or user activity. Identifying the direct causes of traffic flows allows for real-time bot detection with a low exposure to malware, and offline forensic analysis of traffic. The proposed causal analysis of traffic is experimentally evaluated by a self-developed tool called CITRIC with various types of real Command and Control traffic.