Title: "Botnet Command and Control Traffic Detection Challenges: A Correlation-based Solution"

DOI: 10.15224/978-1-63248-113-9-01
Page(s): 1 - 5
Authors: IBRAHIM GHAFIR, VACLAV PRENOSIL, MOHAMMAD HAMMOUDEH

Abstract

While high-speed computer networking and the Internet have brought great convenience, a number of security challenges emerged alongside these technologies. Among computer network security threats such as viruses and worms, botnets have become one of the most damaging threats on the Internet. In this paper, we describe key research challenges in developing effective intrusion detection systems for botnet command and control (C&C) traffic detection. We then outline a new approach to address these challenges, based on voting between intrusion detection methods that collaboratively identify C&C traffic. Each detection method analyzes the network traffic for one technique used in C&C communications. Four detection methods are initially investigated: malicious IP address, malicious SSL certificate, domain flux and Tor connection detection. Initial analysis shows that the proposed voting-based intrusion detection significantly reduces the number of false positive alerts.
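The following is an added example, not code from the paper or its authors, of how voting-based correlation across the four named detection methods can suppress single-method false positives. Each detector votes on the internal host it believes is infected, and an alert is raised only when at least VOTE_THRESHOLD distinct methods agree on the same host. The blocklists, the connection records, the NXDOMAIN count used as the domain-flux heuristic and the threshold of two votes are all constructed assumptions for illustration; the paper does not specify them.

```python
"""Voting-based correlation of botnet C&C detectors (illustrative, not the paper's code)."""
from collections import defaultdict

# Constructed threat intelligence; values are placeholders, not real indicators.
MALICIOUS_IPS = {"203.0.113.7"}
MALICIOUS_CERT_SHA1 = {"3f1a9c0d8b7e6a5f4c3d2e1b0a9f8e7d6c5b4a39"}
TOR_RELAY_IPS = {"198.51.100.42"}

VOTE_THRESHOLD = 2             # assumption: at least two methods must agree
DOMAIN_FLUX_MIN_NXDOMAIN = 5   # assumption: distinct NXDOMAIN names per host

# Constructed connection records standing in for parsed NetFlow/DNS/TLS logs.
RECORDS = [
    # 10.0.0.5: contacts a blocklisted IP, a Tor relay, and resolves many
    # non-existent DGA-looking names -> three independent methods vote.
    {"src": "10.0.0.5", "dst": "203.0.113.7", "kind": "tcp"},
    {"src": "10.0.0.5", "dst": "198.51.100.42", "kind": "tcp"},
    {"src": "10.0.0.5", "kind": "dns", "query": "kq8z2vx7b3dn.com", "rcode": "NXDOMAIN"},
    {"src": "10.0.0.5", "kind": "dns", "query": "p3w9rt6yq1zm.net", "rcode": "NXDOMAIN"},
    {"src": "10.0.0.5", "kind": "dns", "query": "h5c2nv8kx4lq.org", "rcode": "NXDOMAIN"},
    {"src": "10.0.0.5", "kind": "dns", "query": "z7b1qe9mw3ky.com", "rcode": "NXDOMAIN"},
    {"src": "10.0.0.5", "kind": "dns", "query": "t4x8gd2vn6pr.info", "rcode": "NXDOMAIN"},
    # 10.0.0.9: a lone Tor connection -> one vote, below threshold (likely a
    # legitimate Tor user; a single-method detector would alert here).
    {"src": "10.0.0.9", "dst": "198.51.100.42", "kind": "tcp"},
    # 10.0.0.12: one TLS session to a blocklisted IP presenting a blocklisted
    # certificate -> two different methods vote on the same record.
    {"src": "10.0.0.12", "dst": "203.0.113.7", "kind": "tls",
     "cert_sha1": "3f1a9c0d8b7e6a5f4c3d2e1b0a9f8e7d6c5b4a39"},
    # 10.0.0.20: a few typo'd lookups, below the domain-flux threshold.
    {"src": "10.0.0.20", "kind": "dns", "query": "gogle.cmo", "rcode": "NXDOMAIN"},
    {"src": "10.0.0.20", "kind": "dns", "query": "facebok.com", "rcode": "NXDOMAIN"},
    {"src": "10.0.0.20", "kind": "dns", "query": "yotube.com", "rcode": "NXDOMAIN"},
]


def detect_malicious_ip(records):
    """Hosts that connected to a blocklisted destination IP."""
    return {r["src"] for r in records if r.get("dst") in MALICIOUS_IPS}


def detect_malicious_cert(records):
    """Hosts whose TLS sessions presented a blocklisted certificate fingerprint."""
    return {r["src"] for r in records if r.get("cert_sha1") in MALICIOUS_CERT_SHA1}


def detect_tor(records):
    """Hosts that connected to a known Tor relay address."""
    return {r["src"] for r in records if r.get("dst") in TOR_RELAY_IPS}


def detect_domain_flux(records):
    """Hosts resolving many distinct non-existent names (a domain-flux heuristic)."""
    nxdomains = defaultdict(set)
    for r in records:
        if r.get("kind") == "dns" and r.get("rcode") == "NXDOMAIN":
            nxdomains[r["src"]].add(r["query"])
    return {h for h, names in nxdomains.items() if len(names) >= DOMAIN_FLUX_MIN_NXDOMAIN}


DETECTORS = {
    "malicious_ip": detect_malicious_ip,
    "malicious_cert": detect_malicious_cert,
    "tor": detect_tor,
    "domain_flux": detect_domain_flux,
}


def correlate(records):
    """Map each host to the sorted list of detection methods that voted for it."""
    votes = defaultdict(set)
    for name, detector in DETECTORS.items():
        for host in detector(records):
            votes[host].add(name)
    return {host: sorted(methods) for host, methods in votes.items()}


def raise_alerts(records, threshold=VOTE_THRESHOLD):
    """Keep only hosts that at least `threshold` distinct methods agree on."""
    return {h: m for h, m in correlate(records).items() if len(m) >= threshold}


if __name__ == "__main__":
    for host, methods in sorted(raise_alerts(RECORDS).items()):
        print(f"ALERT {host}: {len(methods)} methods agree ({', '.join(methods)})")
```

Note that each detector here is a single-indicator check; the false-positive reduction comes entirely from the correlation step, which is why a host seen only talking to a Tor relay (a common benign case) is dropped while hosts with corroborating evidence from independent methods are reported.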