Ibrahim Ghafir
BotDet: A System for Real Time Botnet Command and Control Traffic Detection
Ghafir, Ibrahim; Prenosil, Vaclav; Hammoudeh, Mohammad; Baker, Thar; Jabbar, Sohail; Khalid, Shehzad; Jaf, Sardar
Authors
Vaclav Prenosil
Mohammad Hammoudeh
Thar Baker
Sohail Jabbar
Shehzad Khalid
Sardar Jaf
Abstract
Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed sytsem: (i) we have developed four detection modules to detect different possible techniques used in botnet C&C communications; (ii) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6% respectively. Furthermore, it proves BotDet capability of real time detection.
| Journal Article Type | Article |
|---|---|
| Acceptance Date | May 26, 2018 |
| Online Publication Date | Jun 13, 2018 |
| Publication Date | Jul 30, 2018 |
| Deposit Date | Jun 12, 2018 |
| Publicly Available Date | Jul 26, 2018 |
| Journal | IEEE Access |
| Publisher | Institute of Electrical and Electronics Engineers |
| Peer Reviewed | Peer Reviewed |
| Volume | 6 |
| Pages | 38947-38958 |
| DOI | https://doi.org/10.1109/access.2018.2846740 |
| Public URL | https://durham-repository.worktribe.com/output/1357310 |
Files
Published Journal Article (Final published version)
(5 Mb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
Copyright Statement
Final published version
Published Journal Article (Advance online version)
(612 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
Copyright Statement
Advance online version This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.
You might also like
CAM: A Combined Attention Model for Natural Language Inference
(2018)
Presentation / Conference Contribution
An Exploration of Dropout with RNNs for Natural Language Inference
(2018)
Presentation / Conference Contribution
Improved Arabic Characters Recognition by Combining Multiple Machine Learning Classifiers
(2017)
Presentation / Conference Contribution
A Semi-automatic Approach to Identifying and Unifying Ambiguously Encoded Arabic-Based Characters
(2017)
Presentation / Conference Contribution
A Simple Approach to Unify Ambiguously Encoded Kurdish Characters
(2016)
Presentation / Conference Contribution
Downloadable Citations
About Durham Research Online (DRO)
Administrator e-mail: dro.admin@durham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search