• DocumentCode
    3308280
  • Title

    A Novel Approach to Detect IRC-Based Botnets

  • Author

    Wang, Wei ; Fang, Binxing ; Zhang, Zhaoxin ; Li, Chao

  • Author_Institution
    Res. Center of Comput. Network & Inf., Harbin Inst. of Technol., Harbin
  • Volume
    1
  • fYear
    2009
  • fDate
    25-26 April 2009
  • Firstpage
    408
  • Lastpage
    411
  • Abstract
    Bot nicknames within one IRC-based botnet must have a uniform structure, because they are generated by the same bot in a fixed way. In this paper, the similarity of nicknames in the same channel is defined by the term 'channel distance', and a novel algorithm based on channel distance is proposed to detect IRC-based botnets. The most significant contribution of this algorithm is that it can detect new IRC-based botnets without any delay. As a universal approach to detecting IRC-based botnets, this algorithm does not need any pre-analysis of existing bots. A botnet detection program based on this algorithm has run stably for two weeks on a high-performance internet information capture platform, and successfully detected 161 botnet channels.
  • Keywords
    Internet; invasive software; IRC-based botnets; bot nicknames; botnet detection program; channel distance; high-performance Internet information capture platform; Command and control systems; Communication system traffic control; Computer networks; Information security; Internet; Network servers; Protocols; Telecommunication traffic; Traffic control; Web server; IRC; botnet; channel distance; nickname;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
  • Conference_Location
    Wuhan, Hubei
  • Print_ISBN
    978-1-4244-4223-2
  • Type

    conf

  • DOI
    10.1109/NSWCTC.2009.72
  • Filename
    4908294