A Proposal of Metrics for Botnet Detection Based on Its Cooperative Behavior

Author

Akiyama, Mitsuaki ; Kawamoto, Takanori ; Shimamu, Masayoshi ; Yokoyama, Teruaki ; Kadobayashi, Youki ; Yamaguchi, Suguru

Author_Institution

Internet Eng. Lab., Nara Inst. of Sci. & Technol.

fYear

2007

fDate

Jan. 2007

Firstpage

82

Lastpage

82

Abstract

In this paper, we propose three metrics for detecting botnets through analyzing their behavior. Our social infrastructure (i.e., the Internet) is currently experiencing the danger of bots´ malicious activities as the scale of botnets increases. Although it is imperative to detect botnet to help protect computers from attacks, effective metrics for botnet detection have not been adequately researched. In this work we measure enormous amounts of traffic passing through the Asian Internet Interconnection Initiatives (AIII) infrastructure. To validate the effectiveness of our proposed metrics, we analyze measured traffic in three experiments. The experimental results reveal that our metrics are applicable for detecting botnets, but further research is needed to refine their performance

Keywords

Internet; security of data; telecommunication security; telecommunication traffic; Asian Internet Interconnection Initiatives infrastructure; Internet; botnet detection; telecommunication security; telecommunication traffic; Asia; Command and control systems; Computer crime; Internet; Laboratories; Proposals; Protection; Scattering; Telecommunication traffic; Wide area networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on

Conference_Location

Hiroshima

Print_ISBN

0-7695-2757-4

Electronic_ISBN

0-7695-2757-4

Type

conf

DOI

10.1109/SAINT-W.2007.14

Filename

4090153