Detecting Encrypted Botnet Traffic Using Spatial-Temporal Correlation
In this paper, we propose a novel method to detect encrypted botnet traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted application traffic. It can filter out a large amount of non-malicious traffic, greatly improving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatial-temporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental results show that the false positive and false negative rates can be controlled within a certain range.
botnet; encrypted traffic; spatial-temporal correlation
Chen Wei, Yu Le, Yang Geng
College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003, P.R. China; Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, P.R. China; Key Laboratory of Broadband Wireless Communication and Sensor Network Technology, Ministry of Educati
Domestic conference
Fuzhou
English
49-59
2012-10-27 (date first made available online on the Wanfang platform; does not represent the paper's publication date)