Using Behavioral Similarity for Botnet Command-and-Control Discovery
Citations over time: top 22% of 2016 papers
Abstract
Malware authors and operators typically collaborate to achieve the optimal profit. They also frequently change their behavior and resources to avoid detection. The authors propose a social similarity metric that exploits these relationships to improve the effectiveness and stability of the threat propagation algorithm typically used to discover malicious collaboration. Furthermore, they propose behavioral modeling as a way to group similarly behaving servers, enabling extension of the ground truth that's so expensive to obtain in the field of network security. The authors also show that seeding the threat propagation algorithm from a set of coherently behaving servers (instead of from a single known malicious server identified by threat intelligence) makes the algorithm far more effective and significantly more robust, without compromising the precision of findings.