Strayer et al., 2008 - Google Patents
Botnet detection based on network behaviorStrayer et al., 2008
View PDF- Document ID
- 14564864270412325547
- Author
- Strayer W
- Lapsely D
- Walsh R
- Livadas C
- Publication year
- Publication venue
- Botnet Detection: Countering the Largest Security Threat
External Links
Snippet
2 W. Timothy Strayer, David Lapsely, Robert Walsh, and Carl Livadas to US-CERT) issued a warning about the increase in trojan activity targeting UK government networks, stating that “the attacker's aim appears to be covert gathering and transmitting of commercially or …
- 238000001514 detection method 0 title description 21
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
- H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/08—Monitoring based on specific metrics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/02—Communication control; Communication processing contains provisionally no documents
- H04L29/06—Communication control; Communication processing contains provisionally no documents characterised by a protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Strayer et al. | Botnet detection based on network behavior | |
| US11924170B2 (en) | Methods and systems for API deception environment and API traffic control and security | |
| Strayer et al. | Detecting botnets with tight command and control | |
| Idhammad et al. | Detection system of HTTP DDoS attacks in a cloud environment based on information theoretic entropy and random forest | |
| Thapngam et al. | Discriminating DDoS attack traffic from flash crowd through packet arrival patterns | |
| Wang et al. | A new multistage approach to detect subtle DDoS attacks | |
| Gurulakshmi et al. | Analysis of IoT bots against DDOS attack using machine learning algorithm | |
| Saravanan et al. | Behavior-based detection of application layer distributed denial of service attacks during flash events | |
| Sofi et al. | Machine learning techniques used for the detection and analysis of modern types of ddos attacks | |
| Goher et al. | Covert channel detection: A survey based analysis | |
| Sung et al. | Large-scale IP traceback in high-speed internet: practical techniques and information-theoretic foundation | |
| EP3427437A1 (en) | Ddos defence in a packet-switched network | |
| Aiello et al. | Profiling DNS tunneling attacks with PCA and mutual information | |
| Thakur et al. | Detection and prevention of botnets and malware in an enterprise network | |
| Haddadi et al. | DoS-DDoS: taxonomies of attacks, countermeasures, and well-known defense mechanisms in cloud environment | |
| Barthakur et al. | An efficient machine learning based classification scheme for detecting distributed command & control traffic of P2P botnets | |
| Shahrestani et al. | Architecture for applying data mining and visualization on network flow for botnet traffic detection | |
| Shamsolmoali et al. | C2DF: High rate DDOS filtering method in cloud computing | |
| De Montigny-Leboeuf | Flow attributes for use in traffic characterization | |
| KR101078851B1 (en) | Botnet group detecting system using group behavior matrix based on network and botnet group detecting method using group behavior matrix based on network | |
| Kato et al. | A real-time intrusion detection system (IDS) for large scale networks and its evaluations | |
| Koay | Detecting high and low intensity distributed denial of service (ddos) attacks | |
| Cusack et al. | Detecting and tracing slow attacks on mobile phone user service | |
| Oujezsky et al. | Modeling botnet C&C traffic lifespans from NetFlow using survival analysis | |
| Kabiri et al. | Category-based selection of effective parameters for intrusion detection |