Unlike other types of malware, botnets are characterized by their command and control (C&C) channels, through which a central authority, the botmaster , may use the infected computer to carry out malicious activities. Given the damage botnets are capable of causing, detection and mitigation of botnet threats are imperative. In this paper, we present a host-based method for detecting and differentiating different types of botnet infections based on their C&C styles, e.g., IRC-based, HTTP-based, or peer-to-peer (P2P) based. Our ability to detect and classify botnet C&C channels shows that there is an inherent similarity in C&C structures for different types of bots and that the network characteristics of botnet C&C traffic is inherently different from legitimate network traffic. The best performance of our detection system has an overall accuracy of 0.929 and a false positive rate of 0.078.
CITATION STYLE
Fedynyshyn, G., Chuah, M., Tan, G., Calero, J., Yang, L., Mármol, F., … Wang, Y. (2011). Autonomic and Trusted Computing. (J. M. A. Calero, L. T. Yang, F. G. Mármol, L. J. García Villalba, A. X. Li, & Y. Wang, Eds.) (Vol. 6906, pp. 228–242). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-23496-5
Mendeley helps you to discover research relevant for your work.