• DocumentCode
    623974
  • Title
    Detecting encrypted botnet traffic
  • Author
    Han Zhang ; Papadopoulos, Christos ; Massey, Dan

  • Author_Institution
    Comput. Sci. Dept., Colorado State Univ., Fort Collins, CO, USA
  • fYear
    2013
  • fDate
    14-19 April 2013
  • Firstpage
    3453
  • Lastpage
    1358
  • Abstract
    Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
  • Keywords
    cryptography; entropy; BotHunter; bot detection tool; bot visibility; deep packet inspection; encrypted botnet traffic detection; encryption; entropy; Detectors; Encryption; Entropy; IP networks; Malware; Payloads;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM, 2013 Proceedings IEEE
  • Conference_Location
    Turin
  • ISSN
    0743-166X
  • Print_ISBN
    978-1-4673-5944-3
  • Type
    conf
  • DOI
    10.1109/INFCOM.2013.6567180
  • Filename
    6567180
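The abstract's core observation, that encrypted payloads have near-uniform byte distributions so a high-entropy detector can recover bots that DPI signatures miss, is illustrated below as an added example. It is not the paper's code, nor BotHunter's; the 7.0 bits/byte threshold, the 64-byte minimum payload, the 50% per-host flagging ratio, the sample payloads and the magic-number allowlist are all assumptions made for the illustration. The allowlist handles the main false positive of this approach: compressed data (gzip, zlib, images, archives) is just as high-entropy as ciphertext.

```python
"""Byte-entropy classifier for spotting likely-encrypted payloads.

Added illustration, not the paper's classifier. All thresholds are assumed.
"""
import math
import random
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed, not taken from the paper
MIN_PAYLOAD = 64         # shorter payloads give unreliable entropy estimates (assumed)

# Magic numbers of common compressed/container formats that are legitimately
# high-entropy. Used to suppress the most obvious false positives.
KNOWN_HIGH_ENTROPY_MAGIC = {
    b"\x1f\x8b": "gzip",
    b"\x78\x9c": "zlib",
    b"\x78\xda": "zlib",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
}


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_format(data: bytes):
    """Name of a known high-entropy format if the payload starts with its magic."""
    for magic, name in KNOWN_HIGH_ENTROPY_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify_payload(data: bytes) -> str:
    """One of 'too_short', 'plaintext', 'high_entropy_known_format',
    'high_entropy_unknown'. Only the last is treated as candidate ciphertext."""
    if len(data) < MIN_PAYLOAD:
        return "too_short"
    if shannon_entropy(data) < ENTROPY_THRESHOLD:
        return "plaintext"
    if known_format(data):
        return "high_entropy_known_format"
    return "high_entropy_unknown"


def flag_hosts(observations, min_fraction=0.5):
    """observations: iterable of (host, payload). Returns hosts whose share of
    unexplained high-entropy payloads is at least min_fraction (assumed ratio).
    This is the kind of extra detector the abstract describes bolting onto a
    DPI-based tool: it fires on what the signatures can no longer read."""
    totals, hits = Counter(), Counter()
    for host, payload in observations:
        label = classify_payload(payload)
        if label == "too_short":
            continue
        totals[host] += 1
        if label == "high_entropy_unknown":
            hits[host] += 1
    return sorted(h for h in totals if hits[h] / totals[h] >= min_fraction)


# --- constructed sample payloads (deterministic, no network, no real captures) ---
rng = random.Random(20130414)

HTTP_REQUEST = (
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\nAccept: text/html\r\n\r\n"
)
# Stand-in for a ciphertext blob: uniformly random bytes approach 8 bits/byte.
ENCRYPTED_LIKE = bytes(rng.getrandbits(8) for _ in range(4096))
# Compressed text is also high-entropy: the classic false positive for this method.
WORDS = ["bot", "beacon", "command", "control", "sends", "the", "update", "to",
         "server", "every", "minute", "with", "host", "status", "and", "id"]
COMPRESSED = zlib.compress(" ".join(rng.choice(WORDS) for _ in range(4000)).encode(), 9)

# Constructed traffic: 10.0.0.5 mostly emits unexplained high-entropy payloads,
# 10.0.0.7 emits plaintext and a zlib stream.
OBSERVATIONS = [
    ("10.0.0.5", ENCRYPTED_LIKE), ("10.0.0.5", ENCRYPTED_LIKE),
    ("10.0.0.5", ENCRYPTED_LIKE), ("10.0.0.5", HTTP_REQUEST),
    ("10.0.0.7", HTTP_REQUEST), ("10.0.0.7", COMPRESSED),
]

if __name__ == "__main__":
    for name, p in [("http", HTTP_REQUEST), ("random", ENCRYPTED_LIKE), ("zlib", COMPRESSED)]:
        print(f"{name:7s} {shannon_entropy(p):.3f} bits/byte -> {classify_payload(p)}")
    print("flagged hosts:", flag_hosts(OBSERVATIONS))
```

Entropy alone cannot separate ciphertext from compressed data, which is why the allowlist (or, in a real deployment, protocol-aware parsing of the surrounding flow) matters; the per-host ratio is there because a single high-entropy payload is expected on any network, whereas a host whose traffic is mostly unexplained ciphertext is the pattern a DPI-based tool would otherwise have missed.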