Botnet Detection Using Structured Graph Analysis

  • Shishir Nagaraja | University of Birmingham

As corporations, agencies, and individuals continue to invest in national infrastructure, trusting it to withstand cyber-attacks, it is important to ensure that this trust is warranted. In this talk, I will present ISP level countermeasures that localise bots based on the unique communication patterns arising from their overlay topologies used for command and control. I will also present schemes that allow ISPs to cooperatively detect botnet attacks and other network anomalies without leaking private traffic information. Experimental results on synthetic topologies embedded within Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) can localize the majority of bots with a low false positive rate, (ii) are resilient to the partial visibility arising from partial deployment of monitoring systems, and to measurement inaccuracies arising from partial visibility and dynamics of background traffic, and (iii) are scalable enough to show good promise as a key element of a wider network anomaly detection framework.

Speaker Details

Shishir Nagaraja is a researcher with interests in the area of graph theory and network security. His research currently focuses on global-scale architectures for botnet mitigation, anonymous communications, and resilient control systems. He is known for his work on discovering social malware attacks by government agencies and uncovering ISP-level censorship practices across the world. Shishir holds a Ph.D. from Cambridge University, England, where along with Prof. Ross Anderson he compiled a monograph on the design principles of covertness and resilience in networks. He is a Lecturer of Computer Security at the University of Birmingham, UK (concurrently Adjunct Professor at ECE, UIUC). He has also worked and consulted for the software industry in Bangalore for many years and holds several patents in the area of trust and security.