Directions in Network-Based Security Monitoring
January/February 2009 (vol. 7 no. 1)
pp. 82-85
Phillip Porras, SRI International
This article outlines some recently emerging research in network-based malicious software detection. The author discusses differences between traditional network intrusion detection and these new techniques, and highlights a new freely available tool called BotHunter.

Index Terms:
intrusion detection, malware, network security, attack trends
Phillip Porras, "Directions in Network-Based Security Monitoring," IEEE Security & Privacy, vol. 7, no. 1, pp. 82-85, Jan.-Feb. 2009, doi:10.1109/MSP.2009.5