{"id":328,"date":"2013-02-13T16:43:29","date_gmt":"2013-02-14T00:43:29","guid":{"rendered":"http:\/\/ant.isi.edu\/blog\/?p=328"},"modified":"2020-10-19T10:25:58","modified_gmt":"2020-10-19T17:25:58","slug":"new-conference-paper-detecting-encrypted-botnet-traffic-at-global-internet-2013","status":"publish","type":"post","link":"https:\/\/ant.isi.edu\/blog\/?p=328","title":{"rendered":"New conference paper &#8220;Detecting Encrypted Botnet Traffic&#8221; at Global Internet 2013"},"content":{"rendered":"<p>The paper &#8220;Detecting Encrypted Botnet Traffic&#8221; was accepted by Global Internet 2013 in Turin, Italy (available at <a href=\"http:\/\/www.netsec.colostate.edu\/~zhang\/DetectingEncryptedBotnetTraffic.pdf\">http:\/\/www.netsec.colostate.edu\/~zhang\/DetectingEncryptedBotnetTraffic.pdf<\/a>)<\/p>\n<p>From the abstract:<\/p>\n<div title=\"Page 1\">\n<div>\n<div>\n<blockquote><p>Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption.<\/p><\/blockquote>\n<p>This work is advised by Christos Papadopoulos and Dan Massey at Colorado State University.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The paper &#8220;Detecting Encrypted Botnet Traffic&#8221; was accepted by Global Internet 2013 in Turin, Italy (available at http:\/\/www.netsec.colostate.edu\/~zhang\/DetectingEncryptedBotnetTraffic.pdf) From the abstract: Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. 
Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool [&hellip;]<\/p>\n","protected":false},"author":98,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[284,282],"tags":[60,59,24,23,8,29,5,41,18],"class_list":["post-328","post","type-post","status-publish","format-standard","hentry","category-papers-publications","category-publications","tag-botnets","tag-colostate","tag-conference","tag-global-internet","tag-lander","tag-network-traffic","tag-papers","tag-predict","tag-security"],"_links":{"self":[{"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=\/wp\/v2\/posts\/328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=\/wp\/v2\/users\/98"}],"replies":[{"embeddable":true,"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=328"}],"version-history":[{"count":6,"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=\/wp\/v2\/posts\/328\/revisions"}],"predecessor-version":[{"id":1650,"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=\/wp\/v2\/posts\/328\/revisions\/1650"}],"wp:attachment":[{"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ant.isi.edu\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}