SURE

Sunderland Repository records the research produced by the University of Sunderland including practice-based research and theses.

BotDet: A System for Real Time Botnet Command and Control Traffic Detection

Ghafir, Ibrahim, Prenosil, Vaclav, Hammoudeh, Mohammad, Baker, Thar, Jabbar, Sohail, Khalid, Shehzad and Jaf, Sardar (2018) BotDet: A System for Real Time Botnet Command and Control Traffic Detection. IEEE Access Open Access, 6 (1). pp. 38947-38958. ISSN 2169-3536

Item Type: Article

Abstract

Over the past decade, the digitization of services has transformed the healthcare sector, leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with the high value of patient records, has attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical infrastructure systems. There are two stages in the development of the proposed system: (i) we have developed four detection modules to detect different possible techniques used in botnet C&C communications; (ii) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate at 82.3% and 13.6% respectively. Furthermore, they demonstrate BotDet's capability for real-time detection.

PDF: BotDetA System for Real Time Botnet Command and Control Traffic Detection.pdf - Published Version (4MB)
Available under License Creative Commons Attribution.

More Information

Depositing User: Sardar Jaf

Identifiers

Item ID: 10451
Identification Number: https://doi.org/10.1109/ACCESS.2018.2846740
ISSN: 2169-3536
URI: http://sure.sunderland.ac.uk/id/eprint/10451
Official URL: https://ieeexplore.ieee.org/document/8384239

Catalogue record

Date Deposited: 05 Mar 2019 11:35
Last Modified: 15 Dec 2020 12:30

Contributors

Author: Ibrahim Ghafir
Author: Vaclav Prenosil
Author: Mohammad Hammoudeh
Author: Thar Baker
Author: Sohail Jabbar
Author: Shehzad Khalid
Author: Sardar Jaf

University Divisions

Faculty of Technology

Subjects

Computing > Cybersecurity
Computing > Information Systems
Computing > Network Computing
Computing > Programming
