@inproceedings{7aafadcbd2f945efb8fb134d1924e535,
title = "{Botyacc}: unified {P2P} botnet detection using behavioural analysis and graph analysis",
abstract = "The detection and isolation of peer-to-peer botnets is an ongoing problem. We propose a novel technique for detecting P2P botnets. Detection is based on unifying behavioural analysis with structured graph analysis. First, our inference technique exploits a fundamental property of botnet design: modern botnets use peer-to-peer communication topologies, which are fundamental to botnet resilience. Second, our technique extends conventional graph-based detection by incorporating behavioural analysis into structured graph analysis, thus unifying graph-theoretic detection with behavioural detection under a single algorithmic framework. We carried out an evaluation over real-world P2P botnet traffic and show that the resulting algorithm can localise the majority of bots with a low false-positive rate.",
keywords = "behavioural analysis, botnet detection, graph theory, traffic analysis, security of data, security systems, malware",
author = "Shishir Nagaraja",
year = "2014",
month = jan,
day = "1",
doi = "10.1007/978-3-319-11212-1_25",
language = "English",
isbn = "9783319112114",
volume = "8713",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
number = "PART 2",
pages = "439--456",
editor = "Kuty{\l}owski, M. and Vaidya, J.",
booktitle = "Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings",
edition = "PART 2",
note = "19th European Symposium on Research in Computer Security, ESORICS 2014 ; Conference date: 07-09-2014 Through 11-09-2014",
}