Abstract
Unlike other types of malware, botnets are characterized by their command and control (C&C) channels, through which a central authority, the botmaster, may use the infected computer to carry out malicious activities. Given the damage botnets are capable of causing, detection and mitigation of botnet threats are imperative. In this paper, we present a host-based method for detecting and differentiating different types of botnet infections based on their C&C styles, e.g., IRC-based, HTTP-based, or peer-to-peer (P2P) based. Our ability to detect and classify botnet C&C channels shows that there is an inherent similarity in C&C structures for different types of bots and that the network characteristics of botnet C&C traffic is inherently different from legitimate network traffic. The best performance of our detection system has an overall accuracy of 0.929 and a false positive rate of 0.078. © 2011 Springer-Verlag.
Author supplied keywords
Cite
CITATION STYLE
Fedynyshyn, G., Chuah, M. C., & Tan, G. (2011). Detection and classification of different botnet C&C channels. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6906 LNCS, pp. 228–242). https://doi.org/10.1007/978-3-642-23496-5_17
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
