Title :
Flow Based Botnet Detection
Author :
Lin, Hsiao-Chung ; Chen, Chia-Mei ; Tzeng, Jui-Yu
Author_Institution :
Dept. of Inf. Manage., Nat. Sun Yat-sen Univ., Kaohsiung, Taiwan
Abstract :
A Botnet is a collection of computer hosts exploited by malicious software and remotely controlled through a command and control channel. More new types of attacks are being invented based on Botnets. Because legitimate IRC (Internet Relay Chat) servers are used to command and control the bots, Botnets are hard to detect and remove. Flow information may keep the fingerprint of bots and can be used to identify IRC-based Botnets. The proposed method applies flow correlation to group the same activities of the same IRC-based bots. After flow correlation, normal and abnormal IRC traces are identified by a scoring technique.
Keywords :
Internet; invasive software; command and control channel; flow based botnet detection; flow correlation; flow information; legitimate Internet relay chat servers; malicious software; scoring technique; Command and control systems; Communication channels; Computer viruses; Computer worms; Information management; Internet; Intrusion detection; Monitoring; Relays; Sun;
Conference_Title :
Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on
Conference_Location :
Kaohsiung
Print_ISBN :
978-1-4244-5543-0
DOI :
10.1109/ICICIC.2009.214