Anomaly-based Botnet Detection for 10 Gb/s Networks


	May 08, 2008 Golden Eye 4.50 review added! more Free monitoring and anti-keylogging Software! more


	May 16, 2008 Hacker confab 'Last HOPE' to track attendees with RFID more Soca reveals its cybercrime-fighting successes more Oklahoma State breach points to ongoing higher-ed security challenges more HP confirms XP SP3 endless reboot snafu, promises patch more After 'treasure Hunt,' Hacker Releases IE Attack Code more Former Tech Executive Found Guilty of Securities Fraud more US wants its own botnet for preemptive strikes more Apple dismisses Safari vulnerability more DNS trouble knocks NSA off Internet more Global leaders unite against IT threats more Yahoo Search Security Beta Draws Complaints more

E-mail:

E-mail:

DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

Home \ Articles \ Anomaly-based Botnet Detection for 10 Gb/s Networks

Anomaly-based Botnet Detection for 10 Gb/s Networks
by Jonathon W. Donaldson
AUTHORS' DESCRIPTION Current network data rates have made it increasingly difficult for cyber security specialists to protect the information stored on private systems. Greater throughput not only allows for higher productivity, but also creates a “larger” security hole that may allow numerous malicious applications (e.g. bots) to enter a private network. Software based intrusion detection/prevention systems are not fast enough for the massive amounts of traffic found on 1 Gb/s and 10 Gb/s networks to be fully effective. Consequently, businesses accept more risk and are forced to make a conscious trade-off between threat and performance. A solution that can handle a much broader view of large-scale, high-speed systems will allow us to increase maximum throughput and network productivity. This paper describes a novel method of solving this problem by joining a pre-existing signature-based intrusion prevention system with an anomaly-based botnet detection algorithm in a hybrid hardware/software implementation. Our contributions include the addition of an anomaly detection engine to a pre-existing signature detection engine in hardware. This hybrid system is capable of processing full-duplex 10 Gb/s traffic in real-time with no packet loss. The behavior-based algorithm and user interface are customizable. This research has also led to improvements of the vendor supplied signal and programming interface specifications which we have made readily available. Read the full article

Home \ Articles \ Anomaly-based Botnet Detection for 10 Gb/s Networks

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!

	\| home \| testing and reviews \| testing policy \| press_releases \| developers \| \| articles \| contest \| chat \| forum \| sponsorship & services \| contacts \| links \|
	Copyright © 2003-2008, Keylogger.Org Team. All Rights Reserved. Use of any information from this website is permitted only with hypertext link to keylogger.org.