DocumentCode :
623974
Title :
Detecting encrypted botnet traffic
Author :
Han Zhang ; Papadopoulos, Christos ; Massey, Dan
Author_Institution :
Comput. Sci. Dept., Colorado State Univ., Fort Collins, CO, USA
fYear :
2013
fDate :
14-19 April 2013
Firstpage :
3453
Lastpage :
1358
Abstract :
Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
Keywords :
cryptography; entropy; BotHunter; bot detection tool; bot visibility; deep packet inspection; encrypted botnet traffic detection; encryption; entropy; Detectors; Encryption; Entropy; IP networks; Malware; Payloads;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
INFOCOM, 2013 Proceedings IEEE
Conference_Location :
Turin
ISSN :
0743-166X
Print_ISBN :
978-1-4673-5944-3
Type :
conf
DOI :
10.1109/INFCOM.2013.6567180
Filename :
6567180