Frequency domain analysis of large-scale proxy logs for botnet traffic detection

Bottazzi, G; Italiano, GF; Rutigliano, GG
2016

Abstract

Botnets have become one of the most significant cyber threats over the last decade. The diffusion of the "Internet of Things" and its for-profit exploitation contributed to the spread and sophistication of botnets, thus providing real, efficient and profitable criminal cyber-services. Recent research on botnet detection focuses on traffic pattern-based detection and on analyzing the network traffic generated by the infected hosts, in order to find behavioral patterns independent of the specific payloads, architectures and protocols. In this paper we address the periodic behavioral patterns of infected hosts communicating with their Command-and-Control servers. The main novelty introduced is related to the traffic analysis in the frequency domain without using the well-known Fast Fourier Transform. Moreover, the mentioned analysis is performed through the exploitation of the proxy logs, easily deployable on almost every real-world scenario, from enterprise networks to mobile devices.
International conference on security of Information and networks, 9. (SIN 2016)
USA
2016
International relevance
Sector ING-INF/05 - Information Processing Systems
eng
Botnet; frequency domain; logs; mining; proxy; human-computer interaction; computer networks and communications; 1707; software
http://portal.acm.org/
Conference contribution
Bottazzi, G., Italiano, G., & Rutigliano, G. (2016). Frequency domain analysis of large-scale proxy logs for botnet traffic detection. In SECURITY OF INFORMATION AND NETWORKS (SIN'16) (pp.76-80). Association for Computing Machinery [10.1145/2947626.2947634].
Bottazzi, G; Italiano, G; Rutigliano, G
Use this identifier to cite or link to this document: http://hdl.handle.net/2108/201136