MCFP - ATG - CTU University
Malware Capture  facility project

Papers

The following papers are related to the datasets captured in our facility and help to better understand our work.

An empirical comparison of botnet detection methods
  • Authors: Garcia Sebastian, Zunino Alejandro
  • Elsevier Computers & Security Journal. Vol 45, Issue 0, pp 100-123
  • Download link
  • "The results of botnet detection methods are usually presented without any comparison. Although it is generally accepted that more comparisons with third-party methods may help to improve the area, few papers could do it. Among the factors that prevent a comparison are the difficulties to share a dataset, the lack of a good dataset, the absence of a proper description of the methods and the lack of a comparison methodology. This paper compares the output of three different botnet detection methods by executing them over a new, real, labeled and large botnet dataset. This dataset includes botnet, normal and background traffic. The results of our two methods (BClus and CAMNEP) and BotHunter were compared using a methodology and a novel error metric designed for botnet detection methods. We conclude that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology."
  • DOI: http://dx.doi.org/10.1016/j.cose.2014.05.011
  • Keywords: Malware, Botnet, detection, comparisons.

Survey on Network-based Botnet Detection Methods

  • Authors: Garcia Sebastian, Zunino Alejandro, Campo Marcelo
  • Security and Communication Networks Journal, John Wiley & Sons, Ltd. Vol 7, Number 5, pp 878-903, 2013
  • Download link
  • "Botnets are an important security problem on the Internet. They continuously evolve their structure, protocols and attacks. This survey analyzes and compares the most important efforts done in the network-based detection area. It accomplishes four tasks: first, the comparison of previous surveys and the proposal of four new dimensions to analyze their classification schemes. Second, a new classification and comparison of network-based botnet detection proposals, that includes the definition of twenty desired properties of every botnet detection paper. Third, an extensive comparison between the most representative detection proposals. Fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems."
  • DOI: 10.1002/sec.800
  • Keywords: botnets, information security, network behavior, network detection, survey