BotNet Detection Using Hidden Markov Model within Flow Intervals

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

Zamani Danalou Sara Sadat; AFSHARCHI MOHSEN; Solouk Vahid

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: TABRIZ JOURNAL OF ELECTRICAL ENGINEERING Year:2020 | Volume:50 | Issue:1 (91) Page(s): 177-194

Download Full-Text

Persian Verion

View:

370

Download:

Cites:

Information Journal Paper

Title

BotNet Detection Using Hidden Markov Model within Flow Intervals

Author(s)

Zamani Danalou Sara Sadat | AFSHARCHI MOHSEN | Solouk Vahid | Issue Writer Certificate

Keywords

Botnet detectionQ1

Hidden Markov ModelQ2

time intervalQ1

flow intervalQ1

network flowQ1

command and control stageQ1

Abstract

Botnets are known to be among the most popular malwares in cyber criminals for their practicality in carrying many cybercrimes as reported in the recent news. While many detection schemes have been developed, botnets remain the most powerful attack platform by constantly and continuously adopting new techniques and strategies. Thus, early identification and timely detection of botnets can take an effective step towards making perfect defense system. Most of existing Botnet detection methods cannot detect botnets in real-time and in an early stage of their lifecycle before participating in a cyber-crime. In this work, we propose a novel approach to detect the BlackEnergy botnet traffic using Hidden Markov Model (HMM) within flow intervals. In BlackEnergy, bots are controlled by attackers under a HTTP base command and control (C&C) infrastructure. First we analysis BlackEnergy’ s network traffic and extract its main features and network behavior patterns. Then we adapt the proposed HMM model with BlackEnergy botnet patterns and features. In addition to detecting the botnet communication traffic in both Attack and C&C stages, inferred HMM defines the stage of botnet lifecycle. Our proposed method detects botnet activity in small time intervals without having seen a complete network flow. Using existing datasets, we show experimentally that it is possible to identify the presence of botnets activity with high accuracy even in very small time windows.

Cites

No record.

References

No record.

Cite

APA: Copy

Zamani Danalou, Sara Sadat, AFSHARCHI, MOHSEN, & Solouk, Vahid. (2020). BotNet Detection Using Hidden Markov Model within Flow Intervals. TABRIZ JOURNAL OF ELECTRICAL ENGINEERING, 50(1 (91) ), 177-194. SID. https://sid.ir/paper/385188/en

Vancouver: Copy

Zamani Danalou Sara Sadat, AFSHARCHI MOHSEN, Solouk Vahid. BotNet Detection Using Hidden Markov Model within Flow Intervals. TABRIZ JOURNAL OF ELECTRICAL ENGINEERING[Internet]. 2020;50(1 (91) ):177-194. Available from: https://sid.ir/paper/385188/en

IEEE: Copy

Sara Sadat Zamani Danalou, MOHSEN AFSHARCHI, and Vahid Solouk, “BotNet Detection Using Hidden Markov Model within Flow Intervals,” TABRIZ JOURNAL OF ELECTRICAL ENGINEERING, vol. 50, no. 1 (91) , pp. 177–194, 2020, [Online]. Available: https://sid.ir/paper/385188/en

Related Journal Papers

No record.

Related Seminar Papers

No record.

Related Plans

No record.

Recommended Workshops