%0 Conference Proceedings
%T BotInfer: A Bot Inference Approach by Correlating Host and Network Information
%+ College of Information and Technology Science [Jilin]
%A He, Yukun
%A Li, Qiang
%A Ji, Yuede
%A Guo, Dong
%Z Part 5: Session 5: Miscellaneous
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 10th International Conference on Network and Parallel Computing (NPC)
%C Guiyang, China
%Y Ching-Hsien Hsu
%Y Xiaoming Li
%Y Xuanhua Shi
%Y Ran Zheng
%I Springer
%3 Network and Parallel Computing
%V LNCS-8147
%P 356-367
%8 2013-09-19
%D 2013
%R 10.1007/978-3-642-40820-5_30
%K bot detection
%K cluster
%K flow analysis
%K inference algorithm
%Z Computer Science [cs]Conference papers
%X Botnet is widely used in cyber-attacks and becomes a serious threat to network security. Existing approaches can detect botnet effectively in certain environments, however problems still exist in using host or network detection approaches respectively, such as robustness in detection tools, difficulties in global deployment and low precision rate. To solve the above problems, a novel detection approach called BotInfer is proposed. In BotInfer approach, host-based bot detection tools are deployed on some of the hosts; network flow of all the hosts is captured and analyzed; host detection result and flow information are correlated by the bot inference engine. Through the experiments, BotInfer can effectively detect the hosts in the network. When the deployment rate of bot detection tools in the network reaches 80%, the precision rate of the hosts with detection tools is about 99%, and the precision rate of the hosts without detection tools is about 86%.
%G English
%2 https://inria.hal.science/hal-01513770/document
%2 https://inria.hal.science/hal-01513770/file/978-3-642-40820-5_30_Chapter.pdf
%L hal-01513770
%U https://inria.hal.science/hal-01513770
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-NPC
%~ IFIP-LNCS-8147