Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems
2011
2011 Conference on Network and Information Systems Security
The purpose of this paper is the modelling and simulation of zombie machines for the evaluation of Network Intrusion Detection Systems (NIDS), used to detect botnets. We propose an automatic method to infer zombies' behaviours through the analysis of messages exchanged with their masters. Once computed, a model provides a solution to generate realistic and manageable traffic, which is mandatory for an NIDS evaluation. We propose to use a Stochastic Mealy Machine to model zombies' behaviour,
doi:10.1109/sar-ssi.2011.5931397
fatcat:ecz6j346srfcdcpjyjcczskh2q