Computer Science – Cryptography and Security
Scientific paper
2010-04-08
IJCSIS, Vol. 7 No. 3, March 2010
Computer Science
Cryptography and Security
IEEE Publication format, ISSN 1947 5500, http://sites.google.com/site/ijcsis/
Scientific paper
Botnet is most widespread and occurs commonly in today's cyber attacks, resulting in serious threats to our network assets and organization's properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Command-and-Control (C&C) infrastructure. They are used to distribute commands to the Bots for malicious activities such as distributed denial-of-service (DDoS) attacks, spam and phishing. Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols (e.g., IRC,HTTP) and structures (e.g., centralized), and can become ineffective as Botnets change their structure and C&C techniques. In this paper at first we provide taxonomy of Botnets C&C channels and evaluate well-known protocols which are being used in each of them. Then we proposed a new general detection framework which currently focuses on P2P based and IRC based Botnets. This proposed framework is based on definition of Botnets. Botnet has been defined as a group of bots that perform similar communication and malicious activity patterns within the same Botnet. The point that distinguishes our proposed detection framework from many other similar works is that there is no need for prior knowledge of Botnets such as Botnet signature.
Abdul Manaf Azizah Bt
Zeidanloo Hossein Rouhani
No associations
LandOfFree
Botnet Detection by Monitoring Similar Communication Patterns does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Botnet Detection by Monitoring Similar Communication Patterns, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Botnet Detection by Monitoring Similar Communication Patterns will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-713027