Ontology-based botnet topology discovery approach with IP flow data

Ci Bin Jiang, Jung Shian Li

Research output: Article, peer-reviewed


Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. The damage botnets cause, such as credit card theft or DDoS attacks, can be devastating, so it is important to understand botnet behavior, topology and structure. If botnet communication can be tracked, the C&C server can be identified and infection routes detected, allowing botnets to be taken down. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of botnet topology by means of a machine learning algorithm. The validity of the proposed approach is demonstrated using blacklisted IP flow data collected over more than three months. The inference time and system convergence performance obtained when using the proposed ontology and inference rules are systematically examined. Overall, the results presented in this paper indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and a high degree of accuracy compared to previous research works, thereby enabling appropriate security measures to be put in place.

Pages (from - to): 308-325
Journal: International Journal of Innovative Computing, Information and Control
Publication status: Published - 1 Jan 2015

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Information Systems
  • Computational Theory and Mathematics
