EFFORT: A new host-network cooperated framework for efficient and effective bot malware detection
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Shin, Seungwon | ko |
| dc.contributor.author | Xu, Zhaoyan | ko |
| dc.contributor.author | Gu, Guofei | ko |
| dc.date.accessioned | 2016-04-20T06:36:04Z | - |
| dc.date.available | 2016-04-20T06:36:04Z | - |
| dc.date.created | 2015-12-30 | - |
| dc.date.created | 2015-12-30 | - |
| dc.date.created | 2015-12-30 | - |
| dc.date.created | 2015-12-30 | - |
| dc.date.issued | 2013-09 | - |
| dc.identifier.citation | COMPUTER NETWORKS, v.57, no.13, pp.2628 - 2642 | - |
| dc.identifier.issn | 1389-1286 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/205460 | - |
| dc.description.abstract | Bots are still a serious threat to Internet security. Although a lot of approaches have been proposed to detect bots at host or network level, they still have shortcomings. Host-level approaches can detect bots with high accuracy. However they usually pose too much overhead on the host. While network-level approaches can detect bots with less overhead, they have problems in detecting bots with encrypted, evasive communication CC channels. In this paper, we propose EFFORT, a new host-network cooperated detection framework attempting to overcome shortcomings of both approaches while still keeping both advantages, i.e., effectiveness and efficiency. Based on intrinsic characteristics of bots, we propose a multi-module approach to correlate information from different host- and network-level aspects and design a multi-layered architecture to efficiently coordinate modules to perform heavy monitoring only when necessary. We have implemented our proposed system and evaluated on real-world benign and malicious programs running on several diverse real-life office and home machines for several days. The final results show that our system can detect all 17 real-world bots (e.g., Waledac, Storm) with low false positives (0.68%) and with minimal overhead. We believe EFFORT raises a higher bar and this host-network cooperated design represents a timely effort and a right direction in the malware battle. | - |
| dc.language | English | - |
| dc.publisher | ELSEVIER SCIENCE BV | - |
| dc.title | EFFORT: A new host-network cooperated framework for efficient and effective bot malware detection | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000324349900011 | - |
| dc.identifier.scopusid | 2-s2.0-84880918090 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 57 | - |
| dc.citation.issue | 13 | - |
| dc.citation.beginningpage | 2628 | - |
| dc.citation.endingpage | 2642 | - |
| dc.citation.publicationname | COMPUTER NETWORKS | - |
| dc.identifier.doi | 10.1016/j.comnet.2013.05.010 | - |
| dc.contributor.localauthor | Shin, Seungwon | - |
| dc.contributor.nonIdAuthor | Xu, Zhaoyan | - |
| dc.contributor.nonIdAuthor | Gu, Guofei | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Botnet | - |
| dc.subject.keywordAuthor | Botnet detection | - |
| dc.subject.keywordAuthor | Network security | - |
- Appears in Collection
- EE-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 11 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.