Multi-Stream Fused Model: A Novel Real-Time Botnet Detecting Model
In the current computer era, spam, DDoS and phishing are familiar problems on the Internet. Attackers once tended to use centralized high-bandwidth connections to carry out their tasks. Now that even home users have high-bandwidth Internet connections, attackers have started infecting these home computers and using them for their attacks. Because they attack from distributed locations, such attackers are harder to catch or prevent and typically have more bandwidth to abuse. New schemes are required to detect the formation of these widespread networks of infected hosts, particularly now that attackers appear to have discovered peer-to-peer (P2P) technology. They develop new features such as P2P Command and Control (C&C), which make conventional detection methods no longer efficient at indicating the existence of the bots. Here, a system is proposed that accurately and competently detects the existence of the Storm botnet. In this paper, based on a number of new characteristic properties of P2P botnets, a novel real-time detecting model, MSFM (Multi-Stream Fused Model), is proposed. MSFM considers the unique characteristics of multiple categories of packets and handles them with equivalent strategies. Experimental results demonstrate that this model can accurately detect botnets with comparatively low false-positive and false-negative rates.
Keywords: Centralized Botnet, Discrete Kalman Filter, Multi-Chart CUSUM, P2P Command and Control.
Volume: 7 | Issue: 2
Issue Date: May, 2017