Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection
Host-based bot detection approaches discover malicious bot processes by signature comparison or behavior analysis. Existing approaches have low performance which has become a bottleneck blocking its wider deployment. Among the impact factors of performance, overhead is a crucial one. Many host-based...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2015-05-01
|
| Series: | International Journal of Distributed Sensor Networks |
| Online Access: | https://doi.org/10.1155/2015/524627 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849739118915878912 |
|---|---|
| author | Yuede Ji Qiang Li Yukun He Dong Guo |
| author_facet | Yuede Ji Qiang Li Yukun He Dong Guo |
| author_sort | Yuede Ji |
| collection | DOAJ |
| description | Host-based bot detection approaches discover malicious bot processes by signature comparison or behavior analysis. Existing approaches have low performance which has become a bottleneck blocking its wider deployment. Among the impact factors of performance, overhead is a crucial one. Many host-based bot detection approaches with high detection accuracy are not used practically because of their high overheads. For the development of host-based bot detection, unveiling the factors affecting the overhead is very significant. First, this paper classifies the typical approaches of host-based bot detection proposed in recent years by several metrics, information sources, interception mechanisms on host, intercepted system calls, trigger mechanisms, and correlation engine. Second, based on our analyses of aims and implementations of detection approaches, we identify three major factors affecting the overhead of approaches, namely, interception mechanism on host, type, and number of system calls intercepted and correlation engine. Third, we evaluate the influence of these factors via various experiments on real systems. Finally, based on the experiments, we propose several suggestions which are able to significantly decrease the overhead of host-based bot detection approaches. |
| format | Article |
| id | doaj-art-ec4d98f5777a40b7bb81ded7153477fb |
| institution | DOAJ |
| issn | 1550-1477 |
| language | English |
| publishDate | 2015-05-01 |
| publisher | Wiley |
| record_format | Article |
| series | International Journal of Distributed Sensor Networks |
| spelling | doaj-art-ec4d98f5777a40b7bb81ded7153477fb2025-08-20T03:06:23ZengWileyInternational Journal of Distributed Sensor Networks1550-14772015-05-011110.1155/2015/524627524627Overhead Analysis and Evaluation of Approaches to Host-Based Bot DetectionYuede Ji0Qiang Li1Yukun He2Dong Guo3 Symbol Computation and Knowledge Engineer of Ministry of Education, Jilin University, Changchun, Jilin 130012, China Symbol Computation and Knowledge Engineer of Ministry of Education, Jilin University, Changchun, Jilin 130012, China Symbol Computation and Knowledge Engineer of Ministry of Education, Jilin University, Changchun, Jilin 130012, China Symbol Computation and Knowledge Engineer of Ministry of Education, Jilin University, Changchun, Jilin 130012, ChinaHost-based bot detection approaches discover malicious bot processes by signature comparison or behavior analysis. Existing approaches have low performance which has become a bottleneck blocking its wider deployment. Among the impact factors of performance, overhead is a crucial one. Many host-based bot detection approaches with high detection accuracy are not used practically because of their high overheads. For the development of host-based bot detection, unveiling the factors affecting the overhead is very significant. First, this paper classifies the typical approaches of host-based bot detection proposed in recent years by several metrics, information sources, interception mechanisms on host, intercepted system calls, trigger mechanisms, and correlation engine. Second, based on our analyses of aims and implementations of detection approaches, we identify three major factors affecting the overhead of approaches, namely, interception mechanism on host, type, and number of system calls intercepted and correlation engine. Third, we evaluate the influence of these factors via various experiments on real systems. Finally, based on the experiments, we propose several suggestions which are able to significantly decrease the overhead of host-based bot detection approaches.https://doi.org/10.1155/2015/524627 |
| spellingShingle | Yuede Ji Qiang Li Yukun He Dong Guo Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection International Journal of Distributed Sensor Networks |
| title | Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection |
| title_full | Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection |
| title_fullStr | Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection |
| title_full_unstemmed | Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection |
| title_short | Overhead Analysis and Evaluation of Approaches to Host-Based Bot Detection |
| title_sort | overhead analysis and evaluation of approaches to host based bot detection |
| url | https://doi.org/10.1155/2015/524627 |
| work_keys_str_mv | AT yuedeji overheadanalysisandevaluationofapproachestohostbasedbotdetection AT qiangli overheadanalysisandevaluationofapproachestohostbasedbotdetection AT yukunhe overheadanalysisandevaluationofapproachestohostbasedbotdetection AT dongguo overheadanalysisandevaluationofapproachestohostbasedbotdetection |