Botyacc - Research Portal | Lancaster University

Computing and Communications

Text available via DOI:

https://doi.org/10.1007/978-3-319-11212-1_25
Final published version

Keywords

Traffic analysis, botnet detection, behavioural analysis, graph theory

View graph of relations

Botyacc: unified P2P botnet detection using behavioural analysis and graph analysis

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Shishir Nagaraja

More...

Publication date	2014
Host publication	Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II
Editors	Mirosław Kutyłowski, Jaideep Vaidya
Publisher	Springer
Pages	439-456
Number of pages	18
ISBN (electronic)	9783319112121
ISBN (print)	9783319112114
<mark>Original language</mark>	English

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	8713
ISSN (Print)	0302-9743
ISSN (electronic)	1611-3349

Abstract

We propose a novel technique for detecting P2P botnets. Detection is
based on two working principles. First, we exploit a {\bf fundamental
property} of botnet design: peer-to-peer connectivity topologies are
fundamental to botnet survivability. Second, we use traffic-flow
pattern analysis to capture traffic similarity within a botnet. Our
work unifies graph-theoretic detection with behavioural detection into
a single technique. We carried out evaluation over live P2P botnet
traffic and show that the resulting algorithm can localise the
majority of bots with low false-positive rate.

Research

Links

Text available via DOI:

Keywords

Botyacc: unified P2P botnet detection using behavioural analysis and graph analysis

Publication series

Abstract

Quick Links

Connect With Us

Faculties & Depts

Contact Us