TY - GEN
T1 - A collaborative approach to botnet protection
AU - Stevanovic, Matija
AU - Revsbech, Kasper
AU - Pedersen, Jens Myrup
AU - Sharp, Robin
AU - Damsgaard Jensen, Christian
PY - 2012/8/20
Y1 - 2012/8/20
N2 - Botnets are collections of compromised computers which have come under the control of a malicious person or organisation via malicious software stored on the computers, and which can then be used to interfere with, misuse, or deny access to a wide range of Internet-based services. With the current trend towards increasing use of the Internet to support activities related to banking, commerce, healthcare and public administration, it is vital to be able to detect and neutralise botnets, so that these activities can continue unhindered. In this paper we present an overview of existing botnet detection techniques and argue why a new, composite detection approach is needed to provide efficient and effective neutralisation of botnets. This approach should combine existing detection efforts into a collaborative botnet protection framework that receives input from a range of different sources, such as packet sniffers, on-access anti-virus software and behavioural analysis of network traffic, computer sub-systems and application programs. Finally, we introduce ContraBot, a collaborative botnet detection framework which combines approaches that analyse network traffic to identify patterns of botnet activity with approaches that analyse software to detect items which are capable of behaving maliciously. © 2012 IFIP International Federation for Information Processing.
AB - Botnets are collections of compromised computers which have come under the control of a malicious person or organisation via malicious software stored on the computers, and which can then be used to interfere with, misuse, or deny access to a wide range of Internet-based services. With the current trend towards increasing use of the Internet to support activities related to banking, commerce, healthcare and public administration, it is vital to be able to detect and neutralise botnets, so that these activities can continue unhindered. In this paper we present an overview of existing botnet detection techniques and argue why a new, composite detection approach is needed to provide efficient and effective neutralisation of botnets. This approach should combine existing detection efforts into a collaborative botnet protection framework that receives input from a range of different sources, such as packet sniffers, on-access anti-virus software and behavioural analysis of network traffic, computer sub-systems and application programs. Finally, we introduce ContraBot, a collaborative botnet detection framework which combines approaches that analyse network traffic to identify patterns of botnet activity with approaches that analyse software to detect items which are capable of behaving maliciously. © 2012 IFIP International Federation for Information Processing.
UR - http://www.scopus.com/inward/record.url?scp=84865661798&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-32498-7_47
DO - 10.1007/978-3-642-32498-7_47
M3 - Article in proceeding
SN - 978-3-642-32497-0
VL - 7465
T3 - Lecture Notes in Computer Science
SP - 624
EP - 638
BT - Multidisciplinary Research and Practice for Information Systems
PB - Springer
T2 - International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES 2012
Y2 - 20 August 2012 through 24 August 2012
ER -