مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Information Journal Paper

Title

Detecting Botnets with Timing-Based Covert Command and Control Channels

Pages

  1-15

Abstract

Nowadays, botnets disrupt the exchange of information and tamper with network resources. Botnet detection methods have always faced challenges and remain an active subject of research. The main characteristic of a botnet is the command and control (C&C) channel through which a botmaster sends malicious commands to the victim's system. Once the C&C channel of a botnet is detected, the botnet is essentially unable to communicate with the botmaster and loses its effectiveness. For this reason, botmasters try to evade detection by using a variety of methods. The covert command and control channel is a concept that the new generation of botnets uses to hide its communications. In this paper, a botnet is proposed in which the botmaster's commands are sent using Inter Packet Delays (IPDs) and their sequences, that is, via a timing-based covert command and control channel. A detection method is then proposed that applies the concept of group activity of bots. A three-layer architecture is proposed, consisting of traffic data collection and processing, pattern processing, and a two-step detection method. Using the two-step detection method, which comprises a similarity matrix and entropy, hosts infected with the bot are detected. To evaluate the method, five covert timing channels are simulated and each of them is used to send botmaster commands. The results of the experiments showed the effectiveness of the detection method with a minimum of two bots in the network.

Cite

APA:

Jalaei, R., & Hasani Ahangar, M. R. (2020). Detecting Botnets with Timing-Based Covert Command and Control Channels. JOURNAL OF ELECTRONIC AND CYBER DEFENCE, 7(4), 1-15. SID. https://sid.ir/paper/362758/en

Vancouver:

Jalaei R., Hasani Ahangar M. R. Detecting Botnets with Timing-Based Covert Command and Control Channels. JOURNAL OF ELECTRONIC AND CYBER DEFENCE [Internet]. 2020;7(4):1-15. Available from: https://sid.ir/paper/362758/en

IEEE:

R. Jalaei and M. R. Hasani Ahangar, “Detecting Botnets with Timing-Based Covert Command and Control Channels,” JOURNAL OF ELECTRONIC AND CYBER DEFENCE, vol. 7, no. 4, pp. 1–15, 2020, [Online]. Available: https://sid.ir/paper/362758/en
