Real-time Botnet command and control characterization at the host level
Published in: | 6th International Symposium on Telecommunications (IST) pp. 1005 - 1009 |
---|---|
Format: | Conference Proceeding |
Language: | English |
Published: | IEEE 01-11-2012 |
Summary: | A Botnet is a network of compromised machines which are controlled by a person called botmaster via a typical Command and Control (C&C) structure. Besides malicious activity on the infected host, bots are employed to deliver attacks against outside targets including phishing, Distributed Denial of Service (DDoS) attacks and spamming. Countermeasures against the Botnet phenomenon are usually formed based on passive traffic analysis at network level. This limits encountering Botnets in a proactive manner. In this paper, we proposed a real-time approach which not only detects Botnet traffic on the host, but also can filter it from outgoing traffic in order to suppress the Botnet. Our approach works by detecting Botnet communication patterns which belong to a centralized C&C structure. The capability of bot detection by real-time processing of host-related data solely distinguishes our work from other existing approaches. |
---|---|
ISBN: | 1467320722 9781467320726 |
DOI: | 10.1109/ISTEL.2012.6483133 |