BotDet: a system for real time Botnet command and control traffic detection

Ghafir, Ibrahim; Prenosil, V.; Hammoudeh, M.; Baker, T.; Jabbar, S.; Khalid, S.; Jaf, S.

Publication

BotDet: a system for real time Botnet command and control traffic detection

Ghafir, Ibrahim
;
Prenosil, V.
;
Hammoudeh, M.
;
Baker, T.
;
Jabbar, S.
;
Khalid, S.
;
Jaf, S.

Publication Date

2018-06

Keywords

Critical infrastructure security, Healthcare cyber attacks, Malware, Botnet, Command and control server, Intrusion detection system, Alert correlation

Rights

This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/

Peer-Reviewed

Yes

Accepted for publication

2018-05-26

Collections

Engineering and Digital Technology Publications

Show all metadata

Files

Ghafir_IEEE_Access_Jun_2018

Adobe PDF, 4.76 MB

Abstract

Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed system: 1) we have developed four detection modules to detect different possible techniques used in botnet C&C communications and 2) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6%, respectively. Furthermore, it proves BotDet capability of real time detection.

URI

http://hdl.handle.net/10454/17617

Version

Published version

Citation

Ghafir I, Prenosil V, Hammoudeh M et al (2018) BotDet: a system for real time Botnet command and control traffic detection. IEEE Access. 6: 38947-38958.

Link to Version of Record

https://doi.org/10.1109/ACCESS.2018.2846740

Type

Article

BotDet: a system for real time Botnet command and control traffic detection

Ghafir, Ibrahim
;
Prenosil, V.
;
Hammoudeh, M.
;
Baker, T.
;
Jabbar, S.
;
Khalid, S.
;
Jaf, S.

Publication Date

End of Embargo

Supervisor

Keywords

Rights

Peer-Reviewed

Open Access status

Accepted for publication

Institution

Department

Awarded

Embargo end date

Collections

Files

Abstract

URI

Version

Citation

Link to publisher’s version

Link to published version

Link to Version of Record

Type

Qualification name

Notes

BotDet: a system for real time Botnet command and control traffic detection

Ghafir, Ibrahim ; Prenosil, V. ; Hammoudeh, M. ; Baker, T. ; Jabbar, S. ; Khalid, S. ; Jaf, S.

Publication Date

End of Embargo

Supervisor

Keywords

Rights

Peer-Reviewed

Open Access status

Accepted for publication

Institution

Department

Awarded

Embargo end date

Collections

Files

Abstract

URI

Version

Citation

Link to publisher’s version

Link to published version

Link to Version of Record

Type

Qualification name

Notes

Ghafir, Ibrahim
;
Prenosil, V.
;
Hammoudeh, M.
;
Baker, T.
;
Jabbar, S.
;
Khalid, S.
;
Jaf, S.