BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

Gu, Guofei; Perdisci, Roberto; Zhang, Junjie; Lee, Wenke

articleJournal of Bioresource ManagementJul 28, 2008GREEN OA

BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

GGGuofei Gu RPRoberto Perdisci JZJunjie Zhang WLWenke Lee

Abstract

Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&amp;C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&amp;C techniques. In this paper, we present a general detection framework that is independent of botnet C&amp;C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&amp;C server names/addresses). We start from the definition and essential properties of…

Citation impact

1,023

total citations

FWCI: 83.10
Percentile: 100%
References: 37

Citations per year

Authors

4

Topics & keywords

Topics

Keywords

Botnet
Denial-of-service attack
Computer science
Malware
Computer security
Computer network
Command and control
Server

No related works found for this paper.