Collaborative Approach for Inter-domain Botnet Detection in Large-scale Networks

Hachem Guerid, Karel Mittig, Ahmed Serhrouchni
2013 Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing  
The members of almost all botnets are distributed across several networks. Such distribution makes their detection harder, since centralized approaches require the network data to be gathered in one place for analysis, which is not possible given the legacy and business constraints that apply to network operators. In this paper, we propose a collaborative, inter-domain botnet detection system which reconciles the requirements of privacy and business preservation while enabling real-time analysis for large-scale networks. The different probes of our collaborative detection system exchange anonymised information in order to synchronize the network analysis of the members of botnets and to identify the malicious servers controlling them. We evaluated our system using anonymised traffic captured on an operator's network; the results showed a 31% increase in the number of malicious servers detected as a result of the collaboration, without significant performance impact or bandwidth overhead (respectively 4% and 11 kb/s).
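As an added illustration, not code from the paper (the abstract does not give the authors' exchange format), the following Python sketch assumes that each probe shares keyed-hash tokens of the suspicious server indicators it observed rather than raw addresses, and that a server is confirmed when at least two operator domains report the same token; the key, domain labels and observations are constructed placeholders.

```python
import hmac
import hashlib
from collections import defaultdict

# Shared secret agreed between the collaborating probes (constructed placeholder value).
SHARED_KEY = b"example-shared-key-not-for-production"

def anonymise(indicator: str, key: bytes = SHARED_KEY) -> str:
    """Replace a raw server indicator (IP or domain) with a keyed-hash token.

    An unkeyed hash of an IPv4 address can be reversed by enumerating the
    address space, so an HMAC is used: only parties holding the key can
    produce matching tokens, and a token alone reveals nothing to others.
    """
    return hmac.new(key, indicator.encode(), hashlib.sha256).hexdigest()

def probe_report(domain: str, suspicious_servers: list[str]) -> dict:
    """What a probe shares with its peers: a domain label and anonymised tokens only."""
    return {"domain": domain, "tokens": sorted({anonymise(s) for s in suspicious_servers})}

def correlate(reports: list[dict], min_domains: int = 2) -> dict[str, list[str]]:
    """Flag tokens reported by at least `min_domains` distinct domains."""
    seen: dict[str, set[str]] = defaultdict(set)
    for report in reports:
        for token in report["tokens"]:
            seen[token].add(report["domain"])
    return {t: sorted(d) for t, d in seen.items() if len(d) >= min_domains}

def resolve_local(flagged: dict[str, list[str]], local_servers: list[str]) -> list[str]:
    """A probe maps flagged tokens back to the raw servers it observed itself."""
    local_tokens = {anonymise(s): s for s in local_servers}
    return sorted(local_tokens[t] for t in flagged if t in local_tokens)

# Constructed sample observations (hypothetical servers) from three operator domains.
OBSERVATIONS = {
    "operator-A": ["198.51.100.7", "c2.example.test", "203.0.113.9"],
    "operator-B": ["198.51.100.7", "c2.example.test", "192.0.2.44"],
    "operator-C": ["203.0.113.9", "192.0.2.200"],
}

def run_collaboration(observations: dict = OBSERVATIONS) -> dict[str, list[str]]:
    """Full round: every probe reports, tokens are correlated, each probe resolves locally."""
    reports = [probe_report(d, s) for d, s in observations.items()]
    flagged = correlate(reports)
    return {d: resolve_local(flagged, s) for d, s in observations.items()}

if __name__ == "__main__":
    for domain, servers in run_collaboration().items():
        print(domain, "confirmed by collaboration:", servers)
```

Servers seen in only one domain (192.0.2.44, 192.0.2.200) stay local, while the three seen from two domains are confirmed without any probe learning a peer's raw observations.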
doi:10.4108/icst.collaboratecom.2013.254051 dblp:conf/colcom/GueridMS13 fatcat:suzy45jkyvdifjinztpqjy3ysq