Botnet Forensics Framework: Is Your System a Bot

Sophisticated attacks that undermine the stability and correctness of networks and services have been increasing. Attackers continuously target entire networks in order to manipulate the systems on them. Because of these significant threats, botnets have become an active area of research. A botnet is a set of compromised machines that cooperate to achieve a malicious purpose. What distinguishes a botnet from other malware is the ability of its compromised machines to establish a connection to a command and control (C&C) server operated by a bot-master. Because of the large number of compromised systems involved, the damage caused by a botnet attack can be catastrophic. In this paper we identify the different types of botnet and describe botnet architectures. We further propose a framework for detecting a botnet and stopping it from spreading, affecting our systems and breaching the security of the network.
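The defining property named above, that every bot periodically reaches back to a C&C server, is what most host- or flow-level "is my system a bot" checks key on. The following is an added illustration written for this page, not the paper's own framework: it groups flow records by (source, destination, port) and flags pairs whose inter-contact intervals and payload sizes are both nearly constant, which is the signature of a machine-driven beacon rather than a human-driven session. The flow records, hosts, addresses and thresholds are all constructed for the example.

```python
"""Beacon-regularity check over flow records.

Added illustration of the C&C-contact property described in the abstract;
it is not the paper's framework. All flow records below are constructed,
and the thresholds are assumptions chosen for the sample, not tuned values.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out)
FLOWS = [
    # 10.0.0.5 contacts 203.0.113.7:8080 roughly every 300 s with near-identical sizes
    (0,    "10.0.0.5", "203.0.113.7",   8080, 412),
    (301,  "10.0.0.5", "203.0.113.7",   8080, 410),
    (599,  "10.0.0.5", "203.0.113.7",   8080, 414),
    (902,  "10.0.0.5", "203.0.113.7",   8080, 411),
    (1200, "10.0.0.5", "203.0.113.7",   8080, 413),
    (1498, "10.0.0.5", "203.0.113.7",   8080, 412),
    # 10.0.0.9 is a user browsing: irregular timing and sizes to the same server
    (12,   "10.0.0.9", "198.51.100.20", 443,  1800),
    (47,   "10.0.0.9", "198.51.100.20", 443,  22000),
    (390,  "10.0.0.9", "198.51.100.20", 443,  950),
    (395,  "10.0.0.9", "198.51.100.20", 443,  64000),
    (1310, "10.0.0.9", "198.51.100.20", 443,  3100),
    (1320, "10.0.0.9", "198.51.100.20", 443,  700),
]


def beacon_candidates(flows, min_flows=5, max_interval_cv=0.1, max_size_cv=0.1):
    """Return per-(src, dst, port) statistics and a beacon verdict.

    A pair is marked as a beacon candidate when it has at least `min_flows`
    flows and the coefficient of variation (stddev / mean) of both the
    inter-flow intervals and the outbound byte counts is at or below the
    given thresholds, i.e. the contacts are evenly spaced and uniformly sized.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))

    results = {}
    for key, recs in by_pair.items():
        if len(recs) < min_flows:
            continue  # too few contacts to judge regularity
        recs.sort()  # order by timestamp before computing intervals
        intervals = [later[0] - earlier[0] for earlier, later in zip(recs, recs[1:])]
        sizes = [nbytes for _, nbytes in recs]
        mean_interval = mean(intervals)
        mean_size = mean(sizes)
        interval_cv = pstdev(intervals) / mean_interval if mean_interval else float("inf")
        size_cv = pstdev(sizes) / mean_size if mean_size else float("inf")
        results[key] = {
            "flows": len(recs),
            "mean_interval": mean_interval,
            "interval_cv": interval_cv,
            "size_cv": size_cv,
            "beacon": interval_cv <= max_interval_cv and size_cv <= max_size_cv,
        }
    return results


if __name__ == "__main__":
    for key, stats in beacon_candidates(FLOWS).items():
        verdict = "BEACON" if stats["beacon"] else "ok"
        print(f"{key[0]} -> {key[1]}:{key[2]}  every ~{stats['mean_interval']:.0f}s  "
              f"interval_cv={stats['interval_cv']:.3f} size_cv={stats['size_cv']:.3f}  {verdict}")
```

On the constructed input the 10.0.0.5 pair is flagged (interval CV below 0.01) and the browsing host is not. Real bots often add random jitter to the sleep interval and pad payloads precisely to defeat this kind of check, so in practice the thresholds are set per environment and the verdict is combined with other signals (destination reputation, DNS behaviour, process lineage on the host) rather than used alone.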
