ATG seminar series - Sebastian García

ATG seminar series presents

Detecting Botnets by Modeling their Network Behaviors

by Sebastian García

Time: Thursday, November 27 at 10:30 in room KN:205


The growing number of attacks supported by botnet and malware
infrastructure is a strong motivation to continue our research into
better detection methods. However, detecting malware traffic is a
highly difficult and challenging task. The main reasons for this
difficulty are the complexity of botnet systems, the human factor,
the base-rate fallacy, the generalization problem and the verification
problem. In this thesis dissertation we present three different botnet
detection proposals. Each proposal highlights the need for a labeled,
real dataset, the importance of a correct evaluation, the analysis
of errors and the reporting of results. The last proposal is a
behavioral network traffic model that can characterize and
detect botnet traffic by identifying specific malicious behaviors.
To create our method we analyzed dozens of large botnet captures in
our Malware Capture Facility Project and extracted the inherent
characteristics of their time-based behaviors. Our Markov chain-based
detection method was compared and verified on real captures containing
normal, botnet and unknown traffic. Our results encourage us to
continue this research towards a future free-software behavioral IPS.
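To make the idea of a Markov chain over time-based connection behaviors concrete, here is an added toy example (my own code, not the thesis's method or the Malware Capture Facility's tooling). It assumes a three-symbol alphabet for the gap between consecutive flows of one connection, constructed training sequences, and add-one smoothing; the thresholds and data are assumptions for illustration only.

```python
# Added illustration: a first-order Markov chain over quantized inter-flow timing
# symbols of a connection, one chain trained on constructed "botnet" sequences and
# one on constructed "normal" sequences, then used to decide which model explains
# a new connection better. Alphabet, thresholds and data are assumptions.
import math
from collections import defaultdict

# Assumed alphabet: S = short gap, M = medium gap, L = long gap between flows.
ALPHABET = "SML"

def quantize_gaps(timestamps, short=5.0, long_=60.0):
    """Turn a connection's flow start times (seconds) into timing symbols."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return "".join("S" if g < short else "M" if g < long_ else "L" for g in gaps)

class MarkovChain:
    """First-order chain; add-one smoothing keeps unseen transitions finite."""
    def __init__(self, sequences):
        counts = defaultdict(lambda: defaultdict(int))
        for seq in sequences:
            for a, b in zip(seq, seq[1:]):
                counts[a][b] += 1
        self.logp = {}
        for a in ALPHABET:
            total = sum(counts[a].values()) + len(ALPHABET)
            for b in ALPHABET:
                self.logp[(a, b)] = math.log((counts[a][b] + 1) / total)

    def log_likelihood(self, seq):
        """Average log-probability per transition, so lengths are comparable."""
        transitions = list(zip(seq, seq[1:]))
        if not transitions:
            return 0.0
        return sum(self.logp[t] for t in transitions) / len(transitions)

# Constructed training data: bots beacon at regular short gaps; browsing is irregular.
BOTNET_TRAIN = ["SSSSSSSSSSSS", "SSSSSSSMSSSS", "SSSSSSSSSSSS"]
NORMAL_TRAIN = ["SMLMSLLMSML", "LMSMLSLLSM", "MLSSLMLMSL"]
botnet_model = MarkovChain(BOTNET_TRAIN)
normal_model = MarkovChain(NORMAL_TRAIN)

def classify(seq):
    """Label a symbol sequence by the chain under which it is more likely."""
    b, n = botnet_model.log_likelihood(seq), normal_model.log_likelihood(seq)
    return "botnet" if b > n else "normal"

if __name__ == "__main__":
    # Constructed connections: one beaconing every ~3 s, one ordinary browsing session.
    beacon = quantize_gaps([0, 3, 6, 9.2, 12, 15.1, 18, 21, 24.3, 27])
    browsing = quantize_gaps([0, 2, 40, 45, 300, 310, 900, 905])
    print(beacon, classify(beacon))
    print(browsing, classify(browsing))
```

A real deployment would learn the chains from labeled captures such as the ones the talk describes and would compare likelihoods against a threshold rather than only against each other.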