Mimicking Attack Detection at Hybrid Level


Bibliographic Details
Main Authors: V Krishna, R Subhashini
Format: Article
Language: English
Published: European Alliance for Innovation (EAI) 2020-11-01
Series: EAI Endorsed Transactions on Energy Web
Subjects:
Online Access: https://eudl.eu/pdf/10.4108/eai.13-7-2018.164630
collection DOAJ
description Botnets are becoming an easy way of creating multiple attacks. In one of them, the botnet simulates behaviour that is very close to that of legitimate users. Previous research using a semi-Markov model found that it is difficult to detect a mimicking attack based on browsing statistics if the attacking bots are sufficiently large in number [1]. Using bots, attackers collect user profiles from multiple systems. The bot master (attacker) studies the statistics and prepares a common profile or multiple profiles similar to the user activities. In the next phase, the bot master injects the profile into user systems through the bots. If the bot master injects a common profile across all bot-injected systems, the attack is considered a homogeneous mimicking attack. If the bot master injects multiple profiles into the bot-injected systems, the attack is considered a heterogeneous mimicking attack. As part of our study, we simulated the mimicking attack and worked on detecting it at multiple levels. We have developed detection algorithms at the server level [2] and the gateway level [3]. In this paper, we discuss the merits and demerits of these two detection algorithms and propose another architecture module, hybrid-level detection, which is spread across the servers and the gateway and has a bird's-eye view of the activities happening in the network. It collects statistics from different network elements and, based on analysis of the trace of the bot activities, identifies the mimicking attack.
first_indexed 2024-12-21T12:13:09Z
id doaj.art-8192babfcbaf46db986f225fde2350e4
institution Directory Open Access Journal
issn 2032-944X
last_indexed 2024-12-21T12:13:09Z
author_affiliation V Krishna: Research Scholar, School of Computing, Sathyabama Institute of Science and Technology, Chennai, India
author_affiliation R Subhashini: Professor of Information Technology, Sathyabama Institute of Science and Technology, Chennai, India
doi 10.4108/eai.13-7-2018.164630
topic botnet
mimicking attack
semi-markov model
ips