Enhancing Network Based Bot Detection with Contextual Information

6 Author(s)
Kawaguchi, N. ; Syst. Dev. Lab., Hitachi, Ltd., Kawasaki, Japan ; Okouchi, K. ; Nakakoji, H. ; Kito, T.

In this paper, we propose a bot detection method that enhances the traffic analysis of a network-based IDS (NIDS) by using process contextual information obtained from monitored machines. Existing NIDS classify as bots those hosts suspected of performing both Command and Control (C&C) communication and infection activities. However, this approach cannot analyze traffic at a finer granularity than the IP address level, which leads to false positives and false negatives. To address this problem, the proposed method enables NIDS to achieve process-grained detection by feeding it the contextual information of the processes that perform network activities. Through experiments using a prototype implementation on Xen and a bot sample, we demonstrate that the proposed method detects bots appropriately.

Published in:

Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on

Date of Conference:

19-23 July 2010