• DocumentCode
    621185
  • Title
    Detecting encrypted botnet traffic
  • Author
    Han Zhang ; Papadopoulos, Christos ; Massey, Dan
  • Author_Institution
    Comput. Sci. Dept., Colorado State Univ., Fort Collins, CO, USA
  • fYear
    2013
  • fDate
    14-19 April 2013
  • Firstpage
    163
  • Lastpage
    168
  • Abstract
    Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
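    The abstract's premise (a payload signature that DPI matches in cleartext disappears under encryption, but the encrypted bytes have near-maximal entropy) is illustrated below with a byte-entropy fallback classifier. This is an added example, not the paper's classifiers or BotHunter's rule set: the IRC-style signature, the 7.0 bits/byte threshold, the 64-byte minimum payload length, the exempt-port list and all packets are constructed here, and a seeded PRNG stream stands in for ciphertext.

```python
"""Byte-entropy fallback for a plaintext-signature (DPI) bot detector.

Added illustration of the abstract's idea, not the paper's classifier.
Signature, thresholds, exempt ports and sample traffic are all assumptions.
"""
import math
import random
import re
from collections import Counter, defaultdict

# Assumed tunables. 7.0 bits/byte is a common "looks encrypted" cut-off.
# Payloads shorter than 64 bytes are skipped: an n-byte string has at most
# log2(n) bits/byte of entropy, so small packets always look low-entropy.
ENTROPY_THRESHOLD = 7.0
MIN_PAYLOAD_LEN = 64

# Toy plaintext C&C signature (IRC-style commands); not BotHunter's rules.
DPI_SIGNATURE = re.compile(rb"^(NICK|JOIN|PRIVMSG) ", re.M)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_payload(payload: bytes, threshold: float = ENTROPY_THRESHOLD) -> str:
    """'dpi' if the plaintext signature fires, 'high_entropy' if the payload
    looks encrypted or compressed, otherwise 'plain'."""
    if DPI_SIGNATURE.search(payload):
        return "dpi"
    if len(payload) >= MIN_PAYLOAD_LEN and shannon_entropy(payload) >= threshold:
        return "high_entropy"
    return "plain"


def score_hosts(packets, exempt_ports=frozenset({443}), min_fraction=0.5):
    """packets: iterable of (src_ip, dst_port, payload).

    Returns {src_ip: {"dpi": n, "high_entropy": n, "plain": n, "verdict": v}}.
    Verdict is 'dpi' if any signature fired, 'high_entropy' if at least
    min_fraction of the host's payloads look encrypted, else 'clean'.
    exempt_ports (assumption: services expected to be encrypted, e.g. HTTPS)
    are not counted as entropy evidence, because entropy alone cannot tell a
    TLS session from an encrypted C&C channel.
    """
    stats = defaultdict(lambda: {"dpi": 0, "high_entropy": 0, "plain": 0})
    for src, dport, payload in packets:
        label = classify_payload(payload)
        if label == "high_entropy" and dport in exempt_ports:
            label = "plain"  # expected encryption is not evidence of a bot
        stats[src][label] += 1
    for s in stats.values():
        total = s["high_entropy"] + s["plain"]
        if s["dpi"]:
            s["verdict"] = "dpi"
        elif total and s["high_entropy"] / total >= min_fraction:
            s["verdict"] = "high_entropy"
        else:
            s["verdict"] = "clean"
    return dict(stats)


def ciphertext(n: int, seed: int) -> bytes:
    """Constructed stand-in for encrypted bytes: a seeded PRNG stream. A sound
    cipher's output is indistinguishable from uniform random bytes, which is
    exactly the property the entropy classifier keys on."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed sample traffic (src_ip, dst_port, payload).
IRC_CC = b"NICK bot-7f3a\r\nJOIN #control\r\nPRIVMSG #control :ready\r\n" + b"PING :x\r\n" * 8
HTTP_REQ = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n")
SAMPLE_PACKETS = [
    ("10.0.0.5", 6667, IRC_CC),               # plaintext bot: DPI catches it
    ("10.0.0.6", 6667, ciphertext(512, 1)),   # same bot, encrypted: DPI blind
    ("10.0.0.6", 6667, ciphertext(512, 2)),   # ...but entropy flags it
    ("10.0.0.7", 80, HTTP_REQ),               # benign plaintext web client
    ("10.0.0.7", 80, HTTP_REQ),
    ("10.0.0.8", 443, ciphertext(1024, 3)),   # benign HTTPS: also high entropy
]

if __name__ == "__main__":
    for src, s in score_hosts(SAMPLE_PACKETS).items():
        print(src, s)
```

    Run stand-alone, the script reports 10.0.0.5 as a DPI hit, 10.0.0.6 as high-entropy and the two benign hosts as clean. Drop the port exemption (`score_hosts(SAMPLE_PACKETS, exempt_ports=frozenset())`) and the HTTPS client is flagged as well, which is the practical caveat: high entropy is evidence to correlate with other bot indicators, as the abstract describes adding it to an existing detector, not a verdict on its own. Compressed payloads trip the same detector for the same reason.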
  • Keywords
    computer network security; cryptography; entropy; inspection; peer-to-peer computing; telecommunication traffic; BotHunter enhancement; DPI; advanced hybrid peer-to-peer botnet; bot detection methods; bot detection tool; deep packet inspection; encrypted botnet traffic detection; high-entropy classifiers; high-entropy detectors; Detectors; Encryption; Entropy; IP networks; Malware; Payloads
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on
  • Conference_Location
    Turin
  • Print_ISBN
    978-1-4799-0055-8
  • Type
    conf
  • DOI
    10.1109/INFCOMW.2013.6562912
  • Filename
    6562912