• DocumentCode
    3455083
  • Title

    Flow Based Botnet Detection

  • Author

    Lin, Hsiao-Chung ; Chen, Chia-Mei ; Tzeng, Jui-Yu

  • Author_Institution
    Dept. of Inf. Manage., Nat. Sun Yat-sen Univ., Kaohsiung, Taiwan
  • fYear
    2009
  • fDate
    7-9 Dec. 2009
  • Firstpage
    1538
  • Lastpage
    1541
  • Abstract
    A botnet is a collection of computer hosts exploited by malicious software that is remotely controlled through a command and control channel. More new types of attacks are invented based on botnets. Because legitimate IRC (Internet Relay Chat) servers are used to command and control the bots, it is hard to detect and remove botnets. Flow information may keep the fingerprint of bots and can be used to identify IRC-based botnets. The proposed method applies flow correlation for grouping the same activities of the same IRC-based bots. After flow correlation, the normal IRC and abnormal IRC traces are identified by a scoring technique.
  • Keywords
    Internet; invasive software; command and control channel; flow based botnet detection; flow correlation; flow information; legitimate Internet relay chat servers; malicious software; scoring technique; Command and control systems; Communication channels; Computer viruses; Computer worms; Information management; Internet; Intrusion detection; Monitoring; Relays; Sun;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on
  • Conference_Location
    Kaohsiung
  • Print_ISBN
    978-1-4244-5543-0
  • Type

    conf

  • DOI
    10.1109/ICICIC.2009.214
  • Filename
    5412278