BotSpot: fast graph based identification of structured P2P bots

Research output: Contribution to Journal/Magazine, Journal article, peer-review

Published

Standard

BotSpot: fast graph based identification of structured P2P bots. / Venkatesh, Bharath; Choudhury, Sudip Hazra; Nagaraja, Shishir et al.
In: Journal of Computer Virology and Hacking Techniques, Vol. 11, No. 4, 11.2015, p. 247-261.

Harvard

Venkatesh, B, Choudhury, SH, Nagaraja, S & Balakrishnan, N 2015, 'BotSpot: fast graph based identification of structured P2P bots', Journal of Computer Virology and Hacking Techniques, vol. 11, no. 4, pp. 247-261. https://doi.org/10.1007/s11416-015-0250-2

APA

Venkatesh, B., Choudhury, S. H., Nagaraja, S., & Balakrishnan, N. (2015). BotSpot: fast graph based identification of structured P2P bots. Journal of Computer Virology and Hacking Techniques, 11(4), 247-261. https://doi.org/10.1007/s11416-015-0250-2

Vancouver

Venkatesh B, Choudhury SH, Nagaraja S, Balakrishnan N. BotSpot: fast graph based identification of structured P2P bots. Journal of Computer Virology and Hacking Techniques. 2015 Nov;11(4):247-261. Epub 2015 Sept 2. doi: 10.1007/s11416-015-0250-2

Author

Venkatesh, Bharath ; Choudhury, Sudip Hazra ; Nagaraja, Shishir et al. / BotSpot : fast graph based identification of structured P2P bots. In: Journal of Computer Virology and Hacking Techniques. 2015 ; Vol. 11, No. 4. pp. 247-261.

Bibtex

@article{63a65ae92eb44d7bb036aed5885f9372,
title = "BotSpot: fast graph based identification of structured P2P bots",
abstract = "An essential component of a botnet is the Command and Control (C2) channel (a network). The mechanics of C2 establishment often involve the use of structured overlay techniques which create a scaffolding for sophisticated coordinated activities. However, these can also be used as a point of detection because of their distinct communication patterns. Achieving this is a needle-in-a-haystack search problem across distributed vantage points. The search technique must be efficient given the high traffic throughput of modern core routers. In this paper, we focus on efficient algorithms for C2 channel detection. Experimental results on real Internet traffic traces from an ISP{\textquoteright}s backbone network indicate that our techniques (i) have time complexity linear in the volume of traffic, (ii) have high F-measure, and (iii) are robust to the partial visibility arising from partial deployment of monitoring systems, and measurement inaccuracies arising from partial visibility and dynamics of background traffic.",
author = "Bharath Venkatesh and Choudhury, {Sudip Hazra} and Shishir Nagaraja and N. Balakrishnan",
year = "2015",
month = nov,
doi = "10.1007/s11416-015-0250-2",
language = "English",
volume = "11",
pages = "247--261",
journal = "Journal of Computer Virology and Hacking Techniques",
issn = "2274-2042",
publisher = "Springer Science + Business Media",
number = "4",
}

RIS

TY - JOUR

T1 - BotSpot

T2 - fast graph based identification of structured P2P bots

AU - Venkatesh, Bharath

AU - Choudhury, Sudip Hazra

AU - Nagaraja, Shishir

AU - Balakrishnan, N.

PY - 2015/11

Y1 - 2015/11

N2 - An essential component of a botnet is the Command and Control (C2) channel (a network). The mechanics of C2 establishment often involve the use of structured overlay techniques which create a scaffolding for sophisticated coordinated activities. However, these can also be used as a point of detection because of their distinct communication patterns. Achieving this is a needle-in-a-haystack search problem across distributed vantage points. The search technique must be efficient given the high traffic throughput of modern core routers. In this paper, we focus on efficient algorithms for C2 channel detection. Experimental results on real Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) have time complexity linear in the volume of traffic, (ii) have high F-measure, and (iii) are robust to the partial visibility arising from partial deployment of monitoring systems, and measurement inaccuracies arising from partial visibility and dynamics of background traffic.

AB - An essential component of a botnet is the Command and Control (C2) channel (a network). The mechanics of C2 establishment often involve the use of structured overlay techniques which create a scaffolding for sophisticated coordinated activities. However, these can also be used as a point of detection because of their distinct communication patterns. Achieving this is a needle-in-a-haystack search problem across distributed vantage points. The search technique must be efficient given the high traffic throughput of modern core routers. In this paper, we focus on efficient algorithms for C2 channel detection. Experimental results on real Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) have time complexity linear in the volume of traffic, (ii) have high F-measure, and (iii) are robust to the partial visibility arising from partial deployment of monitoring systems, and measurement inaccuracies arising from partial visibility and dynamics of background traffic.

U2 - 10.1007/s11416-015-0250-2

DO - 10.1007/s11416-015-0250-2

M3 - Journal article

VL - 11

SP - 247

EP - 261

JO - Journal of Computer Virology and Hacking Techniques

JF - Journal of Computer Virology and Hacking Techniques

SN - 2274-2042

IS - 4

ER -