Title

Multiclass Botnet Detection and Countermeasures Selection

Author

Farhan Tariq, Shamim Baig

Citation

Vol. 24  No. 5  pp. 205-211

Abstract

The increasing number of botnet attacks incorporating new evasion techniques makes it infeasible to completely secure a complex computer network system. Botnet infections are likely to happen, and timely detection of and response to these infections helps stop attackers before any damage is done. Current practice in traditional IP networks requires manual intervention to respond to any detected malicious infection. This manual response process is prone to delay and increases the risk of damage. To automate this manual process, this paper proposes to automatically select relevant countermeasures for a detected botnet infection. The proposed approach uses the concept of flow trace to detect botnet behavior patterns from current and historical network activity. It uses a multiclass machine learning based approach to detect and classify botnet activity into IRC, HTTP, and P2P botnets. This classification helps to calculate the risk score of the detected botnet infection. The relevant countermeasures are selected from the available pool based on the risk score of the detected infection.

Keywords

botnet, detection, mitigation, countermeasure, malware, multiclass machine learning, NBA, SDN, TSDR, OpenFlow, OpenDaylight, flows.

URL

http://paper.ijcsns.org/07_book/202405/20240523.pdf