Title :
A Novel Approach to Detect IRC-Based Botnets
Author :
Wang, Wei ; Fang, Binxing ; Zhang, Zhaoxin ; Li, Chao
Author_Institution :
Res. Center of Comput. Network & Inf., Harbin Inst. of Technol., Harbin
Abstract :
Bot nicknames within one IRC-based botnet must have uniform structure, because they are generated by the same bot fixedly. In this paper, the similarity of nicknames in the same channel is defined by the term dasiachannel distancepsila. And a novel algorithm based on channel distance is proposed to detect IRC-based botnets. The most significant contribution of this algorithm is that it can detect new IRC-based botnets without any delay. As a universal approach to detect IRC-based botnets, this algorithm does not need any pre-analysis to existing bots. Botnet detection program based on this algorithm has run stable for two weeks on a high-performance internet information capture platform, and successfully detected 161 botnet channels.
Keywords :
Internet; invasive software; IRC-based botnets; bot nicknames; botnet detection program; channel distance; high-performance Internet information capture platform; Command and control systems; Communication system traffic control; Computer networks; Information security; Internet; Network servers; Protocols; Telecommunication traffic; Traffic control; Web server; IRC; botnet; channel distance; nickname;
Conference_Titel :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.72
