Vol. 14, No. 10, October 31, 2020
10.3837/tiis.2020.10.014
Abstract
A botnet is a dangerous type of malware. A botnet attack in which a collection of bots attacks a
similar target with a similar activity pattern is called bot group activity. Detection of bot group
activities using intrusion detection models can only detect single bot activities; it cannot
detect the bots' behavioral relations in a bot group attack. Detection of bot group activities could
help network administrators isolate an activity or access a bot group attack and determine the
relations between bots that can measure the correlation. This paper proposes a new model, called
the B-Corr model, that measures the similarity between bot activities using the
intersections-probability concept to define bot group activities. The B-Corr model consists of several
stages, such as feature extraction from bot activity flows, measurement of intersections
between bots, and similarity value production. The B-Corr model categorizes similar bots with a
similar target to specify bot group activities. To achieve a more comprehensive view, the
B-Corr model visualizes the similarity values between bots in the form of a similar bot graph.
Furthermore, extensive experiments have been conducted using real botnet datasets, with high
detection accuracy in various scenarios.
Cite this article
[IEEE Style]
D. P. Hostiadi, W. Wibisono, T. Ahmad, "B-Corr Model for Bot Group Activity Detection Based on Network Flows Traffic Analysis," KSII Transactions on Internet and Information Systems, vol. 14, no. 10, pp. 4176-4197, 2020. DOI: 10.3837/tiis.2020.10.014.
[ACM Style]
Dandy Pramana Hostiadi, Waskitho Wibisono, and Tohari Ahmad. 2020. B-Corr Model for Bot Group Activity Detection Based on Network Flows Traffic Analysis. KSII Transactions on Internet and Information Systems, 14, 10, (2020), 4176-4197. DOI: 10.3837/tiis.2020.10.014.
[BibTeX Style]
@article{tiis:23926,
  title="B-Corr Model for Bot Group Activity Detection Based on Network Flows Traffic Analysis",
  author="Dandy Pramana Hostiadi and Waskitho Wibisono and Tohari Ahmad",
  journal="KSII Transactions on Internet and Information Systems",
  DOI={10.3837/tiis.2020.10.014},
  volume={14},
  number={10},
  year="2020",
  month={October},
  pages={4176-4197}
}