Detecting encrypted botnet traffic

Han Zhang; Christos Papadopoulos; Dan Massey

doi:10.1109/infcom.2013.6567180

ScienceGate Book Chapters

JOURNAL ARTICLE

Detecting encrypted botnet traffic

Han Zhang Christos Papadopoulos Dan Massey

Year: 2013 Pages: 3453-3458

DOI: 10.1109/infcom.2013.6567180

Get Full-Text PDF Get Analytical Report

Abstract

Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding highentropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.

Keywords:

Encryption Botnet Computer science Computer security Entropy (arrow of time) Deep packet inspection Cryptography Network packet Classifier (UML) Artificial intelligence Operating system The Internet

Metrics

Cited By

2.83

FWCI (Field Weighted Citation Impact)

Refs

0.93

Citation Normalized Percentile

Is in top 1%

Is in top 10%

Citation History

Topics

Internet Traffic Analysis and Secure E-voting

Physical Sciences → Computer Science → Artificial Intelligence

Network Security and Intrusion Detection

Physical Sciences → Computer Science → Computer Networks and Communications

Advanced Malware Detection Techniques

Physical Sciences → Computer Science → Signal Processing

Detecting encrypted botnet traffic

Abstract

Metrics

Citation History

Topics

Related Documents

Detecting encrypted botnet traffic

Detecting botnet by anomalous traffic

BoNC: Discovering and Classifying Novel Encrypted Botnet Traffic

Detecting Botnet based on Network Traffic

Botnet protocol inference in the presence of encrypted traffic