Research Summaries

Transport-Layer ID of Botnets and Malicious Traffic

Fiscal Year: 2011
Division: Graduate School of Operational & Information Sciences
Department: Computer Science
Investigator(s): Beverly, Robert E.; Xie, Geoffrey G.
Sponsor: Cisco Systems, Inc. (Other)
Summary: We propose a unique approach to detecting and mitigating botnet activity within the network core via transport-level (e.g. TCP) traffic signal analysis. Our key insight is that local botnet behaviour manifests remotely as a discriminative signal. Rather than examining easily forged and abundant IP addresses, or attempting to home in on command-and-control or content signatures, our proof-of-concept technique takes an approach distinct from current practice and research. Using statistical signal characterization methods, we believe we can exploit botnets' basic requirement to source large amounts of data, be it attacks, spam or other malicious traffic. The resulting traffic signal provides a difficult-to-subvert discriminator.
Keywords: (none listed)
Publications and Data: Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal.