Event graphs for the observation of botnet traffic

Publication Type: Conference Paper
Year of Publication: 2017
Authors: Acarali, D., Rajarajan, M., Komninos, N., Herwono, I.
Conference Name: 2017 8th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)
Date Published: Oct
Keywords: Algorithm design and analysis, bot programs, Botnet, botnet traffic, computer network security, computer security, Correlation, cyber-crime campaigns, event graphs, graph theory, host machines, Human Behavior, Image edge detection, Information security, Malware, malware analysis, Metrics, network event correlation method, network resources, network vulnerabilities, privacy, pubcrawl, resilience, Resiliency, sensitive information, statistical flow-based analysis, telecommunication traffic

Botnets are a growing threat to the security of data and services on a global level. They exploit vulnerabilities in networks and host machines to harvest sensitive information, or make use of network resources such as memory or bandwidth in cyber-crime campaigns. Bot programs are by nature largely automated and systematic, and this regularity is often used to detect them. In this paper, we extend existing work in this area by proposing a network event correlation method that produces graphs of the flows generated by botnets, outlining the implementation and functionality of this approach. We also show how this method can be combined with statistical flow-based analysis to provide a descriptive chain of events, and test it on public datasets with an overall success rate of 94.1%.

