Detecting encrypted botnet traffic

INFOCOM Workshops (2013)

Cited by 53 | Views 10

Abstract
Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.
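The abstract's core idea is that encrypted payloads look random, so a byte-entropy score can flag flows that signature-based DPI no longer matches. The following illustrative classifier is added here and is not the paper's code or BotHunter's; the 7.0 bits/byte threshold, the 64-byte minimum length and the sample payloads are all assumptions constructed for the example.

```python
"""Byte-entropy classifier for flow payloads (illustrative, not the paper's code)."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_payload(payload: bytes, threshold: float = 7.0, min_len: int = 64) -> str:
    """Label a payload by its entropy.

    Very short payloads are skipped: with fewer bytes than possible symbols the
    estimate is unreliable and under-reports random data. The threshold is an
    assumed operating point, not a value taken from the paper.
    """
    if len(payload) < min_len:
        return "too-short"
    return "high-entropy" if shannon_entropy(payload) >= threshold else "low-entropy"


def flag_high_entropy_flows(flows: dict) -> list:
    """Return the ids of flows whose payload classifies as high-entropy."""
    return [fid for fid, payload in flows.items()
            if classify_payload(payload) == "high-entropy"]


# Constructed sample payloads (not real captures):
# an IRC-style plaintext command channel that DPI signatures can match ...
PLAINTEXT_C2 = (b"NICK bot7331\r\nUSER bot 0 * :bot\r\n"
                b"JOIN #channel\r\nPRIVMSG #channel :status ok\r\n") * 3
# ... and a seeded pseudo-random stream standing in for the same exchange once encrypted.
_rng = random.Random(2013)
ENCRYPTED_LIKE = bytes(_rng.getrandbits(8) for _ in range(512))

SAMPLE_FLOWS = {"flow-1": PLAINTEXT_C2, "flow-2": ENCRYPTED_LIKE, "flow-3": b"HELO\r\n"}

if __name__ == "__main__":
    for fid, payload in SAMPLE_FLOWS.items():
        print(fid, round(shannon_entropy(payload), 2), classify_payload(payload))
    print("flagged:", flag_high_entropy_flows(SAMPLE_FLOWS))
```

Legitimate TLS and compressed traffic score high as well, so in practice the entropy flag is one input that complements DPI and other bot-dialog evidence, as the paper's BotHunter enhancement does, rather than a verdict on its own.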
Keywords
deep packet inspection, high-entropy classifiers, cryptography, DPI, inspection, bot visibility, computer network security, BotHunter, high-entropy detectors, encryption, bot detection tool, bot detection methods, telecommunication traffic, peer-to-peer computing, entropy, advanced hybrid peer-to-peer botnet, BotHunter enhancement, encrypted botnet traffic detection, payloads, detectors, malware