Title
Detecting encrypted botnet traffic
Abstract
Bot detection methods that rely on deep packet inspection (DPI) can be foiled by encryption. Encryption, however, increases entropy. This paper investigates whether adding high-entropy detectors to an existing bot detection tool that uses DPI can restore some of the bot visibility. We present two high-entropy classifiers, and use one of them to enhance BotHunter. Our results show that while BotHunter misses about 50% of the bots when they employ encryption, our high-entropy classifier restores most of its ability to detect bots, even when they use encryption. © 2013 IEEE.
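The abstract's premise is that encrypted payloads look close to uniformly random, so their Shannon entropy sits near 8 bits per byte while plaintext protocols sit well below. The following is an added illustration of that idea, not code from the paper or from BotHunter: a minimal high-entropy payload classifier in Python. The threshold (7.0 bits/byte), the minimum payload length (256 bytes), the function names and the sample payloads are all assumptions constructed for this example; the paper's own classifiers and parameters are not described in the abstract.

```python
import hashlib
import math
from collections import Counter
from typing import Optional

# Assumed parameters for this example; the paper's classifier settings are not given in the abstract.
HIGH_ENTROPY_THRESHOLD = 7.0   # bits per byte; uniform random bytes approach 8.0
MIN_PAYLOAD_BYTES = 256        # below this the entropy estimate is too noisy to act on


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_payload(data: bytes,
                     threshold: float = HIGH_ENTROPY_THRESHOLD,
                     min_bytes: int = MIN_PAYLOAD_BYTES) -> Optional[str]:
    """Return 'high-entropy', 'low-entropy', or None when the sample is too short to judge.

    A short payload cannot exceed log2(len) bits of entropy, so scoring it would
    produce a false 'low-entropy' verdict even for ciphertext; refuse instead.
    """
    if len(data) < min_bytes:
        return None
    return "high-entropy" if shannon_entropy(data) >= threshold else "low-entropy"


def classify_flow(packet_payloads: list[bytes],
                  threshold: float = HIGH_ENTROPY_THRESHOLD,
                  min_bytes: int = MIN_PAYLOAD_BYTES) -> Optional[str]:
    """Score a whole flow by concatenating its packet payloads first.

    Many small packets (e.g. 64-byte keep-alives) would each be rejected as too
    short; pooled across the flow they give a usable estimate.
    """
    return classify_payload(b"".join(packet_payloads), threshold, min_bytes)


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic stand-in for ciphertext: a SHA-256 hash chain (constructed sample data)."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed samples: a plaintext HTTP request and an encrypted-looking byte stream.
PLAINTEXT_SAMPLE = (b"GET /index.html HTTP/1.1\r\n"
                    b"Host: example.invalid\r\n"
                    b"User-Agent: constructed-sample/1.0\r\n\r\n") * 40
ENCRYPTED_LIKE_SAMPLE = pseudo_random_bytes(b"constructed-sample-seed", 4096)


if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE),
                         ("encrypted-like", ENCRYPTED_LIKE_SAMPLE)):
        print(f"{name:15s} {shannon_entropy(sample):.3f} bits/byte -> {classify_payload(sample)}")
    # Flow of 64-byte packets: each alone is too short, pooled they classify fine.
    packets = [ENCRYPTED_LIKE_SAMPLE[i:i + 64] for i in range(0, len(ENCRYPTED_LIKE_SAMPLE), 64)]
    print("per-packet verdict:", classify_payload(packets[0]))
    print("per-flow verdict:  ", classify_flow(packets))
```

Two caveats worth keeping in mind when reading the abstract's results. First, the per-packet versus per-flow distinction above matters in practice: a detector fed individual packets will miss encrypted flows made of short segments unless it pools them. Second, high entropy is a property of compressed data as well as ciphertext, so legitimate TLS sessions and compressed downloads score just as high; that is why a classifier like this is a signal to combine with other evidence, which is how the abstract describes using it, alongside BotHunter rather than in place of it.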
Publication Title
2013 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2013
Recommended Citation
Zhang, H., Papadopoulos, C., & Massey, D. (2013). Detecting encrypted botnet traffic. 2013 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2013, 163-168. https://doi.org/10.1109/INFCOMW.2013.6562912