CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis

Christian J. Dietrich; Christian Rossow; Norbert Pohlmann

首页> 外文期刊>Computer networks >CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis

【24h】

CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis

机译：CoCoSpot：使用流量分析来聚类和识别僵尸网络命令和控制通道

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

We present CoCoSpot, a novel approach to recognize botnet command and control channels solely based on traffic analysis features, namely carrier protocol distinction, message length sequences and encoding differences. Thus, CoCoSpot can deal with obfuscated and encrypted C&C protocols and complements current methods to fingerprint and recognize botnet C&C channels. Using average-linkage hierarchical clustering of labeled C&C flows, we show that for more than 20 recent botnets and over 87,000 C&C flows, CoCoSpot can recognize more than 88% of the C&C flows at a false positive rate below 0.1%.

机译：我们介绍CoCoSpot，这是一种仅基于流量分析功能（即载波协议区别，消息长度序列和编码差异）识别僵尸网络命令和控制通道的新颖方法。因此，CoCoSpot可以处理混淆和加密的C＆C协议，并且可以补充当前的方法以识别和识别僵尸网络C＆C通道。使用标记的C＆C流的平均链接层次聚类，我们显示，对于超过20个最新的僵尸网络和超过87,000个C＆C流，CoCoSpot可以以低于0.1％的误报率识别超过88％的C＆C流。

著录项

来源
《Computer networks》 |2013年第2期|475-486|共12页
作者
Christian J. Dietrich; Christian Rossow; Norbert Pohlmann;
展开▼
作者单位

Institute for Internet Security, University of Applied Sciences Celsenkirchen, Neidenbwger Str. 43, 45877 Celsenkirchen. Germany,Department of Computer Science, Friedrich-Alexander University, Erlangen, Germany;

Institute for Internet Security, University of Applied Sciences Celsenkirchen, Neidenbwger Str. 43, 45877 Celsenkirchen. Germany,VU University Amsterdam, The Network Institute, The Netherlands;

Institute for Internet Security, University of Applied Sciences Celsenkirchen, Neidenbwger Str. 43, 45877 Celsenkirchen. Germany;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
botnet CC; botnet detection; traffic analysis; network security;

机译：僵尸网络C＆C;僵尸网络检测;流量分析;网络安全;

相似文献

外文文献
中文文献
专利

1. Fluxing botnet command and control channels with URL shortening services [J] . Sangho Lee, Jong Kim Computer Communications . 2013,第3期

机译：通过URL缩短服务来融合botnet命令和控制通道
2. BotCapturer: Detecting Botnets based on Two-Layered Analysis with Graph Anomaly Detection and Network Traffic Clustering [J] . Wei Wang, Yang Wang, Xinlu Tan, International Journal of Performability Engineering . 2018,第5期

机译：Botcapture：基于Traph异常检测和网络流量聚类的两层分析检测僵尸网络
3. DBod: Clustering and detecting DGA-based botnets using DNS traffic analysis [J] . Tzy-Shiah Wang, Hui-Tang Lin, Wei-Tsung Cheng, Computers & Security . 2017,第jana期

机译：DBod：使用DNS流量分析对基于DGA的僵尸网络进行群集和检测
4. Detection of Covert Botnet Command and Control Channels by Causal Analysis of Traffic Flows [C] . Pieter Burghouwt, Marcel Spruit, Henk Sips International symposium on cyberspace safety and security . 2013

机译：交通流因果分析对秘密僵尸网络指挥控制通道的检测
5. Social Networks as Command & Control Channels for Botnets. [D] . St. Onge, Adam. 2014

机译：社交网络作为僵尸网络的命令和控制渠道。
6. An efficient method to detect periodic behavior in botnet traffic by analyzing control plane traffic [O] . Basil AsSadhan, José M.F. Moura 2014

机译：通过分析控制平面流量来检测僵尸网络流量中周期性行为的有效方法
7. Active botnet probing to identify obscure command and control channels [O] . Guofei Gu, Vinod Yegneswaran, Phillip Porras, 2009

机译：主动僵尸网络探测以识别模糊的命令和控制通道
8. Modeling and Analysis of Air Traffic Control Voice Communication Channel Loading. [R] . busch,allen c. 1972

机译：空中交通管制语音通信信道加载建模与分析。

CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis

摘要

著录项

相似文献

相关主题

期刊订阅