Title :
Efficient Detection of Bots in Subscribers' Computers
Author :
Brustoloni, José ; Farnan, Nicholas ; Villamarín-Salomón, Ricardo ; Kyle, David
Author_Institution :
Dept. of Comput. Sci., Univ. of Pittsburgh, Pittsburgh, PA, USA
Abstract :
We investigate how an ISP can efficiently detect bots in its subscribers' computers, possibly as a value-added service or to prevent collateral damage to its infrastructure. By causing an ISP's email servers and network links to get clogged or blacklisted, bots reduce the quality of service the ISP provides to its subscribers. We describe DNS Flagger, a novel device for ISP bot detection, and evaluate its efficiency. DNS Flagger matches subscribers' DNS traffic against IP and DNS signatures. In real-time experiments, we found that, on average, major anti-virus programs (AVs) detected only 59% of freshly caught bots, while DNS Flagger detected 73.1% or 91% of those bots, respectively, on hosts that do not or do also have a major AV. There were no false alarms. Because its processing involves only a small fraction of all network traffic and can be performed at very high speed, a single DNS Flagger can handle hundreds of thousands of subscribers.
Keywords :
Internet; digital signatures; quality of service; security of data; telecommunication traffic; DNS flagger; DNS signature; IP signature; ISP bot detection; Internet service provider; antivirus program; email server; network links; network traffic; quality of service; subscriber computer; Communications Society; Computer worms; Home computing; Information analysis; Network servers; Peer to peer computing; Quality of service; Telecommunication traffic; Viruses (medical); Web server;
Conference_Titel :
Communications, 2009. ICC '09. IEEE International Conference on
Conference_Location :
Dresden
Print_ISBN :
978-1-4244-3435-0
Electronic_ISBN :
1938-1883
DOI :
10.1109/ICC.2009.5198970