Prototyping Distributed Botnet Detection System in Computer Networks

2022 5th International Conference on Computing and Informatics (ICCI) Pub Date : 2022-03-09 DOI:10.1109/icci54321.2022.9756127

Muhammad Aidiel Rachman Putra, T. Ahmad, R. Ijtihadie, Dandy Pramana Hostiadi

{"title":"Prototyping Distributed Botnet Detection System in Computer Networks","authors":"Muhammad Aidiel Rachman Putra, T. Ahmad, R. Ijtihadie, Dandy Pramana Hostiadi","doi":"10.1109/icci54321.2022.9756127","DOIUrl":null,"url":null,"abstract":"Being dangerous threats and attacks in this cyber era, botnets require proper handling. Nevertheless, some bot detection models that have been proposed are centralized and can only detect at one point of attack, even though there are two known types of botnet activity: single and bot group. In fact, attacks from grouped bots can have a series of attacks with the same pattern at several different attack targets. So, it requires a distributed detection model that can detect bot attacks on some detection sensors and assemble them in the form of correlation analysis. This paper proposes a prototype distributed botnet detection model that can synchronize detection in each detection sensor and analyze a series of bot attack activities. It aims to obtain information on the series of attacks that occur at several attack points and state as a correlated botnet attack scenario. With the existence of a distributed botnet activity detection prototype, it will be able to facilitate the analysis and anticipation process from the system and network security administrators.","PeriodicalId":122550,"journal":{"name":"2022 5th International Conference on Computing and Informatics (ICCI)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 5th International Conference on Computing and Informatics (ICCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/icci54321.2022.9756127","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Being dangerous threats and attacks in this cyber era, botnets require proper handling. Nevertheless, some bot detection models that have been proposed are centralized and can only detect at one point of attack, even though there are two known types of botnet activity: single and bot group. In fact, attacks from grouped bots can have a series of attacks with the same pattern at several different attack targets. So, it requires a distributed detection model that can detect bot attacks on some detection sensors and assemble them in the form of correlation analysis. This paper proposes a prototype distributed botnet detection model that can synchronize detection in each detection sensor and analyze a series of bot attack activities. It aims to obtain information on the series of attacks that occur at several attack points and state as a correlated botnet attack scenario. With the existence of a distributed botnet activity detection prototype, it will be able to facilitate the analysis and anticipation process from the system and network security administrators.

查看原文本刊更多论文

计算机网络中的分布式僵尸网络检测系统原型开发

作为网络时代的危险威胁和攻击，僵尸网络需要妥善处理。然而，尽管僵尸网络活动有两种已知类型：单个僵尸和僵尸群，但已提出的一些僵尸检测模型是集中式的，只能在一个攻击点进行检测。事实上，来自僵尸群的攻击可以在多个不同的攻击目标上以相同的模式发起一系列攻击。因此，这就需要一种分布式检测模型，能够检测到一些检测传感器上的僵尸攻击，并以关联分析的形式将它们组合起来。本文提出了一种分布式僵尸网络检测模型原型，它可以同步检测每个检测传感器，并分析一系列僵尸攻击活动。其目的是获取在多个攻击点发生的一系列攻击信息，并将其作为相关的僵尸网络攻击场景。有了分布式僵尸网络活动检测原型，就能为系统和网络安全管理员的分析和预测过程提供便利。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 5th International Conference on Computing and Informatics (ICCI)

自引率

0.00%

发文量