Summaries - Office of Research & Innovation
Transport-Layer ID of Botnets and Malicious Traffic
| Field | Value |
|---|---|
| Fiscal Year | 2011 |
| Division | Graduate School of Operational & Information Sciences |
| Department | Computer Science |
| Investigator(s) | Beverly, Robert E.; Xie, Geoffrey G. |
| Sponsor | Cisco Systems, Inc. (Other) |
| Summary | We propose a new approach to detecting and mitigating botnet activity within the network core through transport-level (e.g., TCP) traffic signal analysis. Our key insight is that local botnet behaviour manifests remotely as a discriminative signal. Rather than examining IP addresses, which are abundant and easily forged, or attempting to home in on command-and-control or content signatures, our proof-of-concept technique analyses the transport-layer traffic signal itself, which sets it apart from current practice and research. Using statistical signal characterization methods, we believe we can exploit a basic requirement of botnets: they must source large amounts of data, whether attacks, spam or other malicious traffic. The resulting traffic signal provides a difficult-to-subvert discriminator. |
| Keywords | |
| Publications | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |
| Data | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |