Iman Sharafaldin, Amirhossein Gharib, Arash Habibi Lashkari, A. Ghorbani
DOI: 10.1109/CCST.2017.8167804
Published in: 2017 International Carnahan Conference on Security Technology (ICCST), October 2017
Citation count: 8 (Semantic Scholar)
BotViz: A memory forensic-based botnet detection and visualization approach
Nowadays, there are many serious cyber security threats such as viruses, worms and trojans, but without a doubt botnets are one of the largest threats. Although there are numerous ways to discover botnets and mitigate their effects, most methods have problems effecting detection because of the botnets' evasive characteristics. Also, the majority of previous research uses only one data source (e.g. network traffic), which makes the botnet detection process very difficult over a network. This paper proposes a detection and visualization system, BotViz, to visualize botnets by using memory forensics analysis and a new domain generation algorithm detector. BotViz utilizes machine learning techniques to detect anomalous function hooking behaviors. We established a live Zeus botnet to evaluate the efficiency of BotViz.