Document

Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations

Overview

Publication date
Accessibility
yes
DOI

Description

We present a novel anomaly-based detection approach capable
of detecting botnet Command and Control traffic in an enterprise
network by estimating the trustworthiness of the traffic destinations.
A traffic flow is classified as anomalous if its destination identifier does
not origin from: human input, prior traffic from a trusted destination, or
a defined set of legitimate applications. This allows for real-time detection
of diverse types of Command and Control traffic. The detection
approach and its accuracy are evaluated by experiments in a controlled
environment.


© 2024 SURF