Return to search

BotDet: a system for real time Botnet command and control traffic detection

Yes / Over the past decade, the digitization of services transformed the healthcare sector leading to
a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value
of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware
have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to
the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can
be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet,
for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical
ultrastructure systems. There are two stages in the development of the proposed system: 1) we have developed
four detection modules to detect different possible techniques used in botnet C&C communications and
2) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection
modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate
with 82.3% and 13.6%, respectively. Furthermore, it proves BotDet capability of real time detection.

Identiferoai:union.ndltd.org:BRADFORD/oai:bradscholars.brad.ac.uk:10454/17617
Date24 January 2020
CreatorsGhafir, Ibrahim, Prenosil, V., Hammoudeh, M., Baker, T., Jabbar, S., Khalid, S., Jaf, S.
Source SetsBradford Scholars
LanguageEnglish
Detected LanguageEnglish
TypeArticle, Published version
RightsThis work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/

Page generated in 0.0169 seconds