Can we beat legitimate cyber behavior mimicking attacks from botnets?

Shui Yu, Song Guo, Ivan Stojmenovic

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

36 Citations (Scopus)


Botnets are the engine for malicious activities in cyber space. In order to sustain their botnets and disguise their illegal actions, botnet owners are exhausting their strength to mimic legitimate cyber behavior to fly under the radar, e.g. flash crowd mimicking attacks on popular websites. It is an open and challenging problem: can we beat mimicking attacks or not? We use web browsing on popular websites as an example to explore the issue. In our previous work, we discovered that it is almost impossible to detect mimicking attacks from statistics if the number of active bots of a botnet is sufficient (no less than the number of active legitimate users). In this paper, we pointed out that it is usually hard for botnet owners to have sufficient number of active bots in practice. Therefore, we can discriminate mimicking attacks when the sufficient number condition is not met. We prove our claim theoretically and confirm it with simulations. Our findings can also be applied to a large number of other detection related cases.
Original languageEnglish
Title of host publication2012 Proceedings IEEE INFOCOM, INFOCOM 2012
Number of pages5
Publication statusPublished - 4 Jun 2012
Externally publishedYes
EventIEEE Conference on Computer Communications, INFOCOM 2012 - Orlando, FL, United States
Duration: 25 Mar 201230 Mar 2012


ConferenceIEEE Conference on Computer Communications, INFOCOM 2012
Country/TerritoryUnited States
CityOrlando, FL


  • botnet
  • detection
  • flash crowd attack
  • mimicking attack

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering

Cite this