Detecting Botnets using a Collaborative Situational-aware IDPS

M. Lisa Mathews; Anupam Joshi; Tim Finin

doi:10.5220/0005684902900298

Detecting Botnets using a Collaborative Situational-aware IDPS

M. Lisa Mathews, Anupam Joshi, Tim Finin

2016

Abstract

Botnet attacks turn susceptible victim computers into bots that perform various malicious activities while under the control of a botmaster. Some examples of the damage they cause include denial of service, click fraud, spamware, and phishing. These attacks can vary in the type of architecture and communication protocol used, which might be modified during the botnet lifespan. Intrusion detection and prevention systems are one way to safeguard the cyber-physical systems we use, but they have difficulty detecting new or modified attacks, including botnets. Only known attacks whose signatures have been identified and stored in some form can be discovered by most of these systems. Also, traditional IDPSs are point-based solutions incapable of utilizing information from multiple data sources and have difficulty discovering new or more complex attacks. To address these issues, we are developing a semantic approach to intrusion detection that uses a variety of sensors collaboratively. Leveraging information from these heterogeneous sources leads to a more robust, situational-aware IDPS that is better equipped to detect complicated attacks such as botnets.

Download

Paper Citation

in Harvard Style

Mathews M., Joshi A. and Finin T. (2016). Detecting Botnets using a Collaborative Situational-aware IDPS . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 290-298. DOI: 10.5220/0005684902900298

in Bibtex Style

@conference{icissp16,
author={M. Lisa Mathews and Anupam Joshi and Tim Finin},
title={Detecting Botnets using a Collaborative Situational-aware IDPS},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={290-298},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005684902900298},
isbn={978-989-758-167-0},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Detecting Botnets using a Collaborative Situational-aware IDPS
SN - 978-989-758-167-0
AU - Mathews M.
AU - Joshi A.
AU - Finin T.
PY - 2016
SP - 290
EP - 298
DO - 10.5220/0005684902900298