  • DocumentCode
    1957792
  • Title
    Heuristics for Detecting Botnet Coordinated Attacks
  • Author
    Kuwabara, Kazuya ; Kikuchi, Hiroaki ; Terada, Masato ; Fujiwara, Masashi
  • Author_Institution
    Grad. Sch. of Sci. & Technol., Tokai Univ., Hiratsuka, Japan
  • fYear
    2010
  • fDate
    15-18 Feb. 2010
  • Firstpage
    603
  • Lastpage
    607
  • Abstract
    This paper analyzes the Cyber Clean Center (CCC) Data Set 2009, which consists of raw packets captured by more than 90 independent honeypots, in order to detect download and port-scan behavior. The analysis reveals some new features of the coordinated attacks performed by a botnet, e.g., particular strings contained in packets when downloading malware, and common patterns in downloading malware from distributed servers. Based on the analysis, the paper proposes heuristic techniques for detecting malware made by botnet coordinated attacks and reports the accuracy of the proposed heuristics. The detection process is automated in the proposed decision tree, which consists of statistics such as the total number of inbound packets and the average rate of downloading malware.
  • Keywords
    decision trees; invasive software; statistics; botnet coordinated attack detection; cyber clean center data set 2009; decision tree; distributed servers; download behavior; heuristic techniques; honeypots; malwares; port-scan behavior; statistics; Availability; Collaboration; Computer worms; Network servers; Protocols; Robot kinematics; Security; Spine; Botnet; network;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability, and Security, 2010. ARES '10 International Conference on
  • Conference_Location
    Krakow
  • Print_ISBN
    978-1-4244-5879-0
  • Type
    conf
  • DOI
    10.1109/ARES.2010.68
  • Filename
    5438029