Boosting the scalability of botnet detection using adaptive traffic sampling

Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee, Nick Feamster

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

29 Scopus citations

Abstract

Botnets pose a serious threat to the health of the Internet. Most current network-based botnet detection systems require deep packet inspection (DPI) to detect bots. Because DPI is a computationally costly process, such detection systems cannot handle the large volumes of traffic typical of large enterprise and ISP networks. In this paper we propose a system that aims to efficiently and effectively identify a small number of suspicious hosts that are likely bots. Their traffic can then be forwarded to DPI-based botnet detection systems for fine-grained inspection and accurate botnet detection. By using a novel adaptive packet sampling algorithm and a scalable spatial-temporal flow correlation approach, our system is able to substantially reduce the volume of network traffic that goes through DPI, thereby boosting the scalability of existing botnet detection systems. We implemented a proof-of-concept version of our system and evaluated it using real-world legitimate and botnet-related network traces. Our experimental results are very promising and suggest that our approach can enable the deployment of botnet-detection systems in large, high-speed networks.

Original language: English (US)
Title of host publication: Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011
Publisher: Association for Computing Machinery
Pages: 124-134
Number of pages: 11
ISBN (Print): 9781450305648
DOIs
State: Published - 2011
Event: 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011 - Hong Kong, China
Duration: Mar 22 2011 - Mar 24 2011

Publication series

Name: Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011

Other

Other: 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011
Country/Territory: China
City: Hong Kong
Period: 3/22/11 - 3/24/11

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications

Keywords

  • Adaptive sampling
  • Botnet
  • Intrusion detection
  • Network security
