A graph‐theoretic framework for isolating botnets in a network. Issue 16 (28th February 2012)
- Record Type:
- Journal Article
- Title:
- A graph‐theoretic framework for isolating botnets in a network. Issue 16 (28th February 2012)
- Main Title:
- A graph‐theoretic framework for isolating botnets in a network
- Authors:
- Jaikumar, Padmini
Kak, Avinash C.
- Abstract:
- We present a new graph‐based approach for the detection and isolation of botnets in a computer network. Our approach depends primarily on the temporal co‐occurrences of malicious activities across the computers in a network and is independent of botnet architectures and the means used for their command and control. As practically all aspects of how a botnet manifests itself in a network—such as the online bot population, bot lifetimes, and the duration and the choice of malicious activities ordered by the bot master—can be expected to vary significantly with time, our approach includes mechanisms that allow the graph representing the infected computers to evolve with time. With regard to how such a graph varies with time, of particular importance are the edge weights that are derived from the temporal co‐occurrences of malicious activities at the endpoints of the edges. A unique advantage of our graph‐based representation of the infected computers is that it allows us to use graph‐partitioning algorithms to separate out the different botnets when a network is infected with multiple botnets at the same time. We have validated our approach by applying it to the isolation of simulated botnets, with the simulations based on a new unified temporal botnet model that incorporates the current best understanding about how botnets behave, about the lifetimes of bots, and about the growth and decay of botnets. We also validate our algorithm on real network traces. Our results indicate that our framework can isolate botnets in a network under varying conditions with a high degree of accuracy. Copyright © 2012 John Wiley & Sons, Ltd.
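The abstract describes the core idea only at a high level: hosts are nodes, edge weights grow out of malicious activities that co-occur in time, the weights change as the network evolves, and partitioning the weighted graph separates one botnet from another. The following is an added illustration of that idea and is not the authors' code or their actual weighting and partitioning scheme. The event log is constructed, and the time-window size, the exponential decay of old evidence, the cut-off threshold and the use of connected components as a stand-in for a real graph-partitioning algorithm are all assumptions made here to keep the example self-contained.

```python
"""Toy temporal co-occurrence graph for isolating botnets.

Added illustration, not the paper's algorithm: window size, decay,
threshold and the connected-components partition are assumptions.
"""
from collections import defaultdict
from itertools import combinations

# Constructed alert log: (timestamp in seconds, host, malicious activity).
# h1-h3 act in lockstep (one botnet), h4-h5 act in lockstep at other
# times (a second botnet), h6 raises a single unrelated alert that
# happens to fall inside botnet 1's spam window.
EVENTS = [
    (100, "h1", "scan"), (102, "h2", "scan"), (104, "h3", "scan"),
    (400, "h1", "spam"), (401, "h2", "spam"), (405, "h3", "spam"),
    (700, "h1", "ddos"), (703, "h3", "ddos"), (709, "h2", "ddos"),
    (250, "h4", "spam"), (255, "h5", "spam"),
    (600, "h4", "scan"), (604, "h5", "scan"),
    (900, "h4", "ddos"), (902, "h5", "ddos"),
    (402, "h6", "spam"),
]


def bucket(ts, window):
    """Map a timestamp to its time-window index."""
    return ts // window


def build_graph(events, window=10, now=1000, half_life=600.0):
    """Return {(a, b): weight} over host pairs that performed the same
    malicious activity inside the same time window, using only events
    observed up to `now`. Each co-occurrence contributes one unit decayed
    by age (half_life seconds), so the graph evolves: old joint activity
    fades and recent joint activity dominates."""
    active = defaultdict(set)  # (window index, activity) -> hosts seen
    for ts, host, act in events:
        if ts <= now:
            active[(bucket(ts, window), act)].add(host)
    weights = defaultdict(float)
    for (b, act), hosts in active.items():
        age = now - b * window
        decay = 0.5 ** (age / half_life)
        for a, c in combinations(sorted(hosts), 2):
            weights[(a, c)] += decay
    return dict(weights)


def partition(weights, threshold=1.0):
    """Drop edges lighter than `threshold` and return the connected
    components of what remains, each as a frozenset of hosts. This is a
    deliberately simple stand-in for the graph-partitioning step; hosts
    whose only evidence is a single coincidental overlap end up alone."""
    adj = defaultdict(set)
    nodes = set()
    for (a, b), w in weights.items():
        nodes.update((a, b))
        if w >= threshold:
            adj[a].add(b)
            adj[b].add(a)
    seen, groups = set(), []
    for n in sorted(nodes):
        if n in seen:
            continue
        comp, stack = set(), [n]
        while stack:
            x = stack.pop()
            if x in comp:
                continue
            comp.add(x)
            stack.extend(adj[x] - comp)
        seen |= comp
        groups.append(frozenset(comp))
    return groups


if __name__ == "__main__":
    # Evaluate the evolving graph at two points in time.
    for now in (500, 1000):
        groups = partition(build_graph(EVENTS, now=now))
        print(now, [sorted(g) for g in groups])
```

Run at `now=500` only the first two joint activities have happened, so h1-h3 already form one group while h4 and h5 have a single, partly decayed co-occurrence and stay unclustered; by `now=1000` the second botnet has accumulated enough weight to appear as its own component, and h6 remains a singleton because one coincidental overlap never reaches the threshold.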
- Is Part Of:
- Security and communication networks. Volume 8:Issue 16(2015)
- Journal:
- Security and communication networks
- Issue:
- Volume 8:Issue 16(2015)
- Issue Display:
- Volume 8, Issue 16 (2015)
- Year:
- 2015
- Volume:
- 8
- Issue:
- 16
- Issue Sort Value:
- 2015-0008-0016-0000
- Page Start:
- 2605
- Page End:
- 2623
- Publication Date:
- 2012-02-28
- Subjects:
- Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.500
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 4254.xml