Abstract
Botnets are the engine for malicious activities in cyberspace. To sustain their botnets and disguise their illegal actions, botnet owners go to great lengths to mimic legitimate cyber behavior and fly under the radar, e.g. flash crowd mimicking attacks on popular websites. It is an open and challenging problem: can we beat mimicking attacks or not? We use web browsing on popular websites as an example to explore the issue. In our previous work, we discovered that it is almost impossible to detect mimicking attacks from statistics if the number of active bots of a botnet is sufficient (no less than the number of active legitimate users). In this paper, we point out that it is usually hard for botnet owners to have a sufficient number of active bots in practice. Therefore, we can discriminate mimicking attacks when the sufficient number condition is not met. We prove our claim theoretically and confirm it with simulations. Our findings can also be applied to a large number of other detection-related cases.
Original language | English |
---|---|
Title of host publication | 2012 Proceedings IEEE INFOCOM, INFOCOM 2012 |
Pages | 2851-2855 |
Number of pages | 5 |
Publication status | Published - 4 Jun 2012 |
Externally published | Yes |
Event | IEEE Conference on Computer Communications, INFOCOM 2012 - Orlando, FL, United States; Duration: 25 Mar 2012 → 30 Mar 2012 |
Conference
Conference | IEEE Conference on Computer Communications, INFOCOM 2012 |
---|---|
Country/Territory | United States |
City | Orlando, FL |
Period | 25/03/12 → 30/03/12 |
Keywords
- botnet
- detection
- flash crowd attack
- mimicking attack
ASJC Scopus subject areas
- Computer Science(all)
- Electrical and Electronic Engineering