Title :
A Combined Fusion and Data Mining Framework for the Detection of Botnets
Author :
Kiayias, Aggelos ; Neumann, Justin ; Walluck, David ; McCusker, Owen
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of Connecticut, Storrs, CT
Abstract :
This paper describes a combined fusion and mining framework applied to the detection of stealthy botnets. The framework leverages a fusion engine that tracks hosts through the use of feature-based profiles generated from multiple network sensor types. These profiles are classified and correlated based on a set of known host profiles, e.g., web servers, mail servers, and bot behavioral characteristics. A mining engine discovers emergent threat profiles and delivers them to the fusion engine for processing. We describe the distributed nature of botnets and how they are created and managed. We then describe a combined fusion and mining model that builds on recent work in the cybersecurity domain. The framework we present employs an adaptive fusion system driven by a mining system focused on the discovery of new threats. We conclude with a discussion of experimental results, deployment issues, and a summary of our arguments.
Keywords :
data mining; sensor fusion; adaptive fusion system; botnets; crimeware; data mining; distributed detection model; distributed threat; fusion engine; mining engine; multiple network sensor; Application software; Computer science; Computer security; Data engineering; Data mining; Engines; Fusion power generation; Peer to peer computing; Sensor phenomena and characterization; Terrorism; botnets; crimeware; data fusion; data mining; distributed detection model; distributed threat; hyperplane; network behavior analyzer; profile; threat-centricity
Conference_Titel :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
DOI :
10.1109/CATCH.2009.9