Can we beat legitimate cyber behavior mimicking attacks from botnets?

Yu, Shui, Guo, Song and Stojmenovic, Ivan 2012, Can we beat legitimate cyber behavior mimicking attacks from botnets?, in INFOCOM 2012 : Proceedings of the 31st IEEE INFOCOM conference, IEEE Computer Society, Los Alamitos, Calif., pp. 2851-2855.

Title Can we beat legitimate cyber behavior mimicking attacks from botnets?
Author(s) Yu, Shui; Guo, Song; Stojmenovic, Ivan
Conference name IEEE Conference on Computer Communications (31st : 2012 : Orlando, Fla.)
Conference location Orlando, Fla.
Conference dates 25-30 Mar. 2012
Title of proceedings INFOCOM 2012 : Proceedings of the 31st IEEE INFOCOM conference
Editor(s) [Unknown]
Publication date 2012
Conference series IEEE Conference on Computer Communications
Start page 2851
End page 2855
Total pages 5
Publisher IEEE Computer Society
Place of publication Los Alamitos, Calif.
Keyword(s) botnet; detection; flash crowd attack; mimicking attack
Summary Botnets are the engine for malicious activities in cyber space. In order to sustain their botnets and disguise their illegal actions, botnet owners are exhausting their strength to mimic legitimate cyber behavior to fly under the radar, e.g. flash crowd mimicking attacks on popular websites. It is an open and challenging problem: can we beat mimicking attacks or not? We use web browsing on popular websites as an example to explore the issue. In our previous work, we discovered that it is almost impossible to detect mimicking attacks from statistics if the number of active bots of a botnet is sufficient (no less than the number of active legitimate users). In this paper, we point out that it is usually hard for botnet owners to have a sufficient number of active bots in practice. Therefore, we can discriminate mimicking attacks when the sufficient number condition is not met. We prove our claim theoretically and confirm it with simulations. Our findings can also be applied to a large number of other detection-related cases.
ISBN 9781467307734; 9781467307758
Language eng
Field of Research 089999 Information and Computing Sciences not elsewhere classified
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category E1 Full written paper - refereed
Copyright notice ©2012, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30049218

Document type: Conference Paper
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in Deakin Research Online is owned by the author, with all rights reserved.

Created: Thu, 01 Nov 2012, 13:11:21 EST