DocumentCode
1626507
Title
Real-time Botnet command and control characterization at the host level
Author
Etemad, F.F. ; Vahdani, P.
Author_Institution
Dept. of Comput. Eng., Ferdowsi Univ. of Mashhad, Mashhad, Iran
fYear
2012
Firstpage
1005
Lastpage
1009
Abstract
A Botnet is a network of compromised machines which are controlled by a person called botmaster via a typical Command and Control (C&C) structure. Besides malicious activity on infected host, bots are employed to deliver attacks against outside targets including phishing, Distributed Denial of Service (DDoS) attacks and spamming. Counter measures against Botnet phenomenon are usually formed based on passive traffic analysis at network level. This limits encountering Botnets in a proactive manner. In this paper, we proposed a real-time approach which not only detects Botnet traffic on the host, but also can filter it from outgoing traffic in order to suppress the Botnet. Our approach works by detecting Botnet communication patterns which belongs to a centralized C&C structure. The capability of bot detection by real-time processing of host-related data solely, distinguishes our work from other existing approaches.
Keywords
computer crime; computer network security; telecommunication traffic; unsolicited e-mail; C&C structure; DDoS attack; attack delivery; bot detection; botmaster; botnet communication pattern; botnet traffic; distributed denial of service attack; host level; infected host; malicious activity; network level; passive traffic analysis; phishing; real-time botnet command and control characterization; real-time processing; spamming; Command and control systems; Filtering; Malware; Protocols; Real-time systems; Servers; Botnet; Centralized C&C; Host-Based; detection; real-time;
fLanguage
English
Publisher
ieee
Conference_Titel
Telecommunications (IST), 2012 Sixth International Symposium on
Conference_Location
Tehran
Print_ISBN
978-1-4673-2072-6
Type
conf
DOI
10.1109/ISTEL.2012.6483133
Filename
6483133
Link To Document