DocumentCode
1853256
Title
Behavioural Correlation for Detecting P2P Bots
Author
Al-Hammadi, Yousof ; Aickelin, Uwe
Author_Institution
Sch. of Comput. Sci. & Inf. Technol., Univ. of Nottingham, Nottingham, UK
fYear
2010
fDate
22-24 Jan. 2010
Firstpage
323
Lastpage
327
Abstract
In the past few years, IRC bots, malicious programs which are remotely controlled by attackers through IRC servers, have become a major threat to the Internet and to users. These bots can be used in different malicious ways, such as issuing distributed denial of service attacks to shut down other networks and services, keystroke logging, spamming, and traffic sniffing, which cause serious disruption to networks and users. New bots that use peer-to-peer (P2P) protocols are starting to appear as the upcoming threat to Internet security due to the fact that P2P bots do not have a centralized point to shut down or trace back, thus making the detection of P2P bots a real challenge. In response to these threats, we present an algorithm to detect an individual P2P bot running on a system by correlating its activities. Our evaluation shows that correlating different activities generated by P2P bots within a specified time period can detect these kinds of bots.
Keywords
peer-to-peer computing; protocols; security of data; IRC bots; Internet security; P2P Bots detection; behavioural correlation; distributed denial of services attacks; keystrokes logging; malicious programs; peer to peer protocols; spamming; traffic sniffing; Command and control systems; Computer science; Information analysis; Information technology; Internet; Network servers; Peer to peer computing; Protocols; Viruses (medical); Web server; P2P; Peacomm; bot; botnet; correlation;
fLanguage
English
Publisher
ieee
Conference_Titel
Future Networks, 2010. ICFN '10. Second International Conference on
Conference_Location
Sanya, Hainan
Print_ISBN
978-0-7695-3940-9
Electronic_ISBN
978-1-4244-5667-3
Type
conf
DOI
10.1109/ICFN.2010.72
Filename
5431829