Semantics based analysis of botnet activity from heterogeneous data sources

Santiago Ruano Rincon (1), Sandrine Vaton (1, 2), Antoine Beugnard (1, 3), Serge Garlatti (1, 4)

1. Télécom Bretagne
2. ADOPNET - Advanced technologies for operated networks (UR1 - Université de Rennes 1, Télécom Bretagne, IRISA-D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES)
3. PASS - Process for Adaptative Software Systems (Télécom Bretagne, IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL)
4. Lab-STICC_TB_CID_IHSEV (Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance)
Abstract : The diversity of network devices, protocols, data sources and probes imposes different challenges on uniformly measuring and analysing network traffic. Analysing a network means dealing with distinctive reporting approaches and diverse methods of representing data, measuring time or identifying nodes. In this work, we tackle these challenges by relying on semantics, taking advantage of the ability of ontologies to map high-level network concepts to concrete information sources of different natures. In particular, we propose a simple architecture to map network concepts to data stored in relational databases. Based on this architecture, we implement a tool that looks for malicious bot activity, studying, from a single point of view, DNS traffic from PCAP sources and TCP connections from IPFIX reports. This approach is able to enhance current DNS-based botnet detection methods by taking additional heterogeneous analysis elements into account.
Document type :
Conference papers
https://hal.archives-ouvertes.fr/hal-01162734
Contributor : Bibliothèque Télécom Bretagne
Submitted on : Thursday, June 11, 2015 - 2:42:34 PM
Last modification on : Thursday, May 27, 2021 - 4:24:03 PM
Long-term archiving on : Tuesday, April 25, 2017 - 6:45:13 AM

File

paper-botnet-case-study-TB-pub...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01162734, version 1

Citation

Santiago Ruano Rincon, Sandrine Vaton, Antoine Beugnard, Serge Garlatti. Semantics based analysis of botnet activity from heterogeneous data sources. IWCMC 2015 : 11th International Wireless Communications & Mobile Computing Conference - TRAC Workshop : Traffic Analysis and Characterization, Aug 2015, Dubrovnik, Croatia. ⟨hal-01162734⟩
