Fermer ce champ de recherche.

Vous êtes victime d’un incident de sécurité ? Contactez notre CERT



Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems

Georges Bossert / AMOSSYS-SUPELEC, Rennes, Guillaume Hiet / SUPELEC, Rennes, Thibaut Henin / AMOSSYS, Rennes


The purpose of this paper is the modelization and simulation of zombie machines for the evaluation of Network Intrusion Detection Systems (NIDS), used to detect botnets. We propose an automatic method to infer zombies behaviours through the analysis of messages exchanged with their masters. Once computed, a model provides a solution to generate realistic and manageable traffic, which is mandatory for an NIDS evaluation. We propose to use a Stochastic Mealy Machine to model zombies behaviour, and an active inference algorithm to learn it. With our approach, it is possible to generate a realistic traffic corresponding to the communications of botnets while ensuring its controllability in the context of an NIDS evaluation.

Voir les dernières Publications

28 mai 2024
Cet article présente et expérimente AWARE (Attacks in Windows Architectures REvealed), un outil défensif capable d'interroger un système Windows et de construire un graphe dirigé mettant en évidence les chemins d'attaque furtifs.
28 mai 2024
Cet article présente la première proposition du format CAPG, qui est une méthode de représentation d'une vulnérabilité CVE, d'une exploitation correspondante et des positions d'attaque associées.
18 novembre 2021
The current trend is towards automation inside a security operations center (SOC), in particular on the remediation side [...]
26 janvier 2021
Persistent Threats (APT) since only pre-registered and well-characterized attacks can be catched. Some recent systems use unsupervised ML algorithms [...]
15 décembre 2020
Cet article expose la mise en oeuvre du leurrage dans un but de renseignement sur les attaquants (outils et méthodes).
23 novembre 2018
The current trend is towards automation inside a security operations center (SOC), in particular on the remediation side [...]
28 août 2018
Understanding data distributions is one of the most fundamentalresearch topic in data analysis. The literature provides a great dealof powerful statistical learning algorithms [...]
21 août 2017
Anomaly detection in time series has attracted considerable attention due to its importance in many real-world applications including intrusion detection, energy management and finance [...]
22 mai 2017
Le langage C++ s’est imposé comme une référence dans les domaines où la modularité du développement ne doit pas empiéter sur les performances du logiciel final [...]
5 juillet 2016
Verification of software security properties, when conducted at the binary code level, is a difficult and cumbersome task. This paper is focused on [...]