Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems - CentraleSupélec Accéder directement au contenu
Communication Dans Un Congrès Année : 2011

Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems

Résumé

The purpose of this paper is the modelization and simulation of zombie machines for the evaluation of Network Intrusion Detection Systems (NIDS), used to detect botnets. We propose an automatic method to infer zombies behaviors through the analysis of messages exchanged with their masters. Once computed, a model provides a solution to generate realistic and manageable traffic, which is mandatory for an NIDS evaluation. We propose to use a Stochastic Mealy Machine to model zombies behavior, and an active inference algorithm to learn it. With our approach, it is possible to generate a realistic traffic corresponding to the communications of botnets while ensuring its controllability in the context of an NIDS evaluation.
Fichier non déposé

Dates et versions

hal-00658396 , version 1 (10-01-2012)

Identifiants

Citer

Georges Bossert, Guillaume Hiet, Thibaut Henin. Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems. SAR-SSI 2011, May 2011, La Rochelle, France. pp.1-8, ⟨10.1109/SAR-SSI.2011.5931397⟩. ⟨hal-00658396⟩
549 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More