Monsieur Poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique

Wei Min Lee, Amir Rezapour, Wen-Guey Tzeng

Research output: Conference contribution, peer-reviewed

2 citations (Scopus)

Abstract

Modern botnets are progressively migrating to P2P networks to resist take-down attempts. In addition, new botnets use randomization in their behavior to evade detection. In this paper, we propose a new method for detecting stealthy P2P bots. We formulate the problem as a re-identification problem. This opens the possibility of powerful instantiations of detection algorithms to address the botnet detection problem. We also use a nontrivial feature selection technique to discover the best feature pairs for conducting comparison between two flows. We use real-world botnet data to evaluate the performance of Monsieur Poirot and compare it with existing flow-based algorithms. Monsieur Poirot is robust towards injection of noise in the communication patterns. The experimental results show that Monsieur Poirot is able to identify P2P bots with an average TPR of 98.65% and an average FPR of 0.21%.

Original language: English
Title of host publication: 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Print): 9781538631805
Publication status: Published - 27 Jul 2018
Event: 2018 IEEE International Conference on Communications, ICC 2018 - Kansas City, United States
Duration: 20 May 2018 to 24 May 2018

Publication series

Name: IEEE International Conference on Communications
2018-May
ISSN (Print): 1550-3607

Conference

Conference: 2018 IEEE International Conference on Communications, ICC 2018
Country: United States
City: Kansas City
Period: 20/05/18 to 24/05/18
