Showing 1–2 of 2 results for author: Kharrazi, M
-
An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets
Authors:
Sajjad Arshad,
Maghsoud Abbaspour,
Mehdi Kharrazi,
Hooman Sanatkar
Abstract:
Botnets (networks of compromised computers) are often used for malicious activities such as spam, click fraud, identity theft, phishing, and distributed denial of service (DDoS) attacks. Most previous research has introduced fully or partially signature-based botnet detection approaches. In this paper, we propose a fully anomaly-based approach that requires no a priori knowledge of bot signatures, botnet C&C protocols, and C&C server addresses. We start from inherent characteristics of botnets. Bots connect to the C&C channel and execute the received commands. Bots belonging to the same botnet receive the same commands, which causes them to have similar netflow characteristics and perform the same attacks. Our method clusters bots with similar netflows and attacks in different time windows and performs correlation to identify bot-infected hosts. We have developed a prototype system and evaluated it with real-world traces including normal traffic and several real-world botnet traces. The results show that our approach has high detection accuracy and a low false positive rate.
Submitted 2 November, 2018;
originally announced November 2018.
-
A Composite-Metric Based Path Selection Technique for the Tor Anonymity Network
Authors:
Sadegh Momeni Milajerdi,
Mehdi Kharrazi
Abstract:
The Tor anonymous network has become quite popular with regular users on the Internet. In the Tor network, an anonymous path is created by selecting three relays through which the connection is redirected. Nevertheless, as the number of Tor users has increased substantially in recent years, the algorithm with which the relays are selected affects the performance provided by the Tor network. More importantly, as the performance suffers, users will leave the network, resulting in a lower anonymity set and in turn lower security provided by the Tor network.
In this paper, we propose an algorithm for improving the performance and security of the Tor network by employing a combination of different metrics in the process of path selection between the source and destination node. These metrics are the bandwidth and uptime of relays as node conditions and the delays between the relays as a path condition. Through a number of experiments we show that we could double the performance observed by end users when using the proposed technique as opposed to the current Tor path selection algorithm. More importantly, the proposed technique only requires a software upgrade on the client side, and other Tor nodes do not need to be modified.
Submitted 8 July, 2017;
originally announced July 2017.