%0 Conference Proceedings
%T A Collaborative Approach to Botnet Protection
%+ Aalborg University [Denmark] (AAU)
%+ Danmarks Tekniske Universitet = Technical University of Denmark (DTU)
%A Stevanovic, Matija
%A Revsbech, Kasper
%A Pedersen, Jens, Myrup
%A Sharp, Robin
%A Jensen, Christian, Damsgaard
%Z Part 2: Workshop
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES)
%C Prague, Czech Republic
%Y Gerald Quirchmayr
%Y Josef Basl
%Y Ilsun You
%Y Lida Xu
%Y Edgar Weippl
%I Springer
%3 Multidisciplinary Research and Practice for Information Systems
%V LNCS-7465
%P 624-638
%8 2012-08-20
%D 2012
%R 10.1007/978-3-642-32498-7_47
%K Botnets
%K Botnet Detection
%K Collaborative Framework
%K Correlation Analysis
%Z Computer Science [cs]
%Z Humanities and Social Sciences/Library and information sciencesConference papers
%X Botnets are collections of compromised computers which have come under the control of a malicious person or organisation via malicious software stored on the computers, and which can then be used to interfere with, misuse, or deny access to a wide range of Internet-based services. With the current trend towards increasing use of the Internet to support activities related to banking, commerce, healthcare and public administration, it is vital to be able to detect and neutralise botnets, so that these activities can continue unhindered. In this paper we present an overview of existing botnet detection techniques and argue why a new, composite detection approach is needed to provide efficient and effective neutralisation of botnets. This approach should combine existing detection efforts into a collaborative botnet protection framework that receives input from a range of different sources, such as packet sniffers, on-access anti-virus software and behavioural analysis of network traffic, computer sub-systems and application programs. Finally, we introduce ContraBot, a collaborative botnet detection framework which combines approaches that analyse network traffic to identify patterns of botnet activity with approaches that analyse software to detect items which are capable of behaving maliciously.
%G English
%Z TC 5
%Z TC 8
%Z WG 8.4
%Z WG 8.9
%2 https://inria.hal.science/hal-01542425/document
%2 https://inria.hal.science/hal-01542425/file/978-3-642-32498-7_47_Chapter.pdf
%L hal-01542425
%U https://inria.hal.science/hal-01542425
%~ SHS
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC5
%~ IFIP-WG
%~ IFIP-TC8
%~ IFIP-CD-ARES
%~ IFIP-WG8-4
%~ IFIP-WG8-9
%~ IFIP-LNCS-7465