Title :
IRC Botnets' Homology Identifying Method Based on Improved LB_PAA Distance of Communication Characteristic Curves
Author :
Jia, Yan ; Li, Runheng ; Gan, Liang ; Chen, Guangqiang
Author_Institution :
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China
Abstract :
An IRC botnet can be regarded as a collection of compromised computers (called zombie computers) running software under the command-and-control infrastructure constructed by the IRC server. The connections between the botnet server and the bots are usually very dynamic. In order to describe a botnet at a finer granularity, the paper proposes a method that identifies homologous botnets by extracting communication characteristic curves and computing the dynamic time warping distance between the curves, using an improved LB_PAA distance to reduce computational complexity. Experiments were carried out for validation purposes, and the error rates were evaluated and shown.
Keywords :
command and control systems; computational complexity; time warp simulation; IRC botnet homology identifying method; IRC server; Zombie computers; command-and-control infrastructure; communication characteristic curve extraction; communication characteristic curves; computational complexity; dynamic time warping distance; error rates; Computational complexity; Computer security; Data mining; Data security; Error analysis; Frequency; Information security; National security; Network servers; Web server; LB_PAA; botnet; communication; dynamic time warping distance; homologous;
Conference_Title :
Intelligent Information Technology and Security Informatics (IITSI), 2010 Third International Symposium on
Conference_Location :
Jinggangshan
Print_ISBN :
978-1-4244-6730-3
Electronic_ISBN :
978-1-4244-6743-3
DOI :
10.1109/IITSI.2010.69