Collaborative Approach for Inter-domain Botnet Detection in Large-scale Networks

Abstract:

The members of almost all botnets are spread across several networks. This distribution makes them harder to detect, because centralized approaches require network data to be gathered in one place for analysis, which is not feasible given the legacy and business constraints under which network operators work. In this paper, we propose a collaborative, inter-domain botnet detection system that reconciles the requirements of privacy and business preservation with real-time analysis of large-scale networks. The probes of our collaborative detection system exchange anonymised information in order to synchronize the network analysis of botnet members and to identify the malicious servers controlling them. We evaluated our system on anonymised traffic captured on an operator's network; the collaboration improved the number of malicious servers detected by 31%, with no significant performance impact or bandwidth overhead (4% and 11 kb/s respectively).

https://hal.telecom-paristech.fr/hal-02287839
Submitted on: Friday, September 13, 2019 - 5:24:58 PM
Last modification on: Monday, September 23, 2019 - 3:57:12 PM

Identifiers

  • HAL Id: hal-02287839, version 1

Citation

Hachem Guerid, Karel Mittig, Ahmed Serhrouchni. Collaborative Approach for Inter-domain Botnet Detection in Large-scale Networks. 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, Oct 2013, Austin, TX, United States. ⟨hal-02287839⟩
