DocumentCode :
2392529
Title :
Research of botnet anomaly detection algorithm based on private protocol
Author :
Chen, Luying ; Wang, Xinliang ; Zhao, Xin ; Li, Weimin
Author_Institution :
Sch. of Inf. & Commun. Eng., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2010
fDate :
26-28 Oct. 2010
Firstpage :
55
Lastpage :
59
Abstract :
Since most of the popular domestic botnets based on private protocols use encrypted communication, the performance of traditional DPI-based anomaly detection methods for botnets is not ideal. Exploiting the periodic communication behavior that exists in botnets, this paper treats the source IP, destination IP and destination port as a unique identifier to extract a time sequence, which is then analyzed in the frequency domain. Because abnormal data has obvious periodicity, its frequency distribution is relatively concentrated, while that of normal data is dispersed. Based on these spectral characteristics, this paper uses the coefficient of variation of the spectrum and the spectral entropy to perform botnet anomaly detection. Experimental results show that the detection algorithm based on the coefficient of variation of the spectrum achieves better results.
Keywords :
IP networks; computer network security; cryptographic protocols; entropy; frequency allocation; frequency-domain analysis; spectral analysis; IP; botnet anomaly detection; encrypted communication; frequency-domain; periodic communication; private protocol; spectral entropy; spectrum entropy; Conferences; Educational institutions; Internet; Protocols; Security; botnet; periodic communication; variation coefficient;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Broadband Network and Multimedia Technology (IC-BNMT), 2010 3rd IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6769-3
Type :
conf
DOI :
10.1109/ICBNMT.2010.5704868
Filename :
5704868