Botnet Detection Based on Correlation of Malicious Behaviors

Botnets have become the most serious security threat to the current Internet infrastructure. A botnet is a group of compromised computers (bots) that are remotely controlled by their originator (the botmaster) through a common Command and Control (C&C) infrastructure. Botnets can not only be built with existing, well-known bot tools, but can also be constructed from scratch and developed in a custom way, which makes botnet detection a challenging problem. Because a P2P (peer-to-peer) botnet is a distributed malicious software network with no single C&C server, it is even more difficult to detect. In this paper, we propose a new general botnet detection correlation algorithm, which is based on correlating host behaviors with a classification method for network behaviors. The experimental results show that the proposed approach not only detects known botnets with a high detection rate but also detects some unknown malware.
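The abstract describes the general idea of correlating host-side behaviors with a classifier over network behaviors, but not its concrete algorithm. The following is an added illustration of that idea, written for this page and not the paper's own code: a toy network-behavior classifier that scores beacon-like flows (regular intervals, near-constant payload sizes), a host-behavior scorer that counts distinct suspicious endpoint events, and a correlation step that flags a host only when both evidence sources agree. The flow records, event labels, the `SUSPICIOUS_HOST_EVENTS` set and the thresholds are all constructed assumptions for the example.

```python
"""Illustration (not the paper's algorithm): correlate host-behaviour
indicators with a simple network-behaviour classifier so that a host is
flagged only when both evidence sources agree."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    host: str      # internal host that initiated the flow
    dst: str       # remote endpoint
    ts: float      # start time, seconds
    nbytes: int    # bytes sent by the host


@dataclass(frozen=True)
class HostEvent:
    host: str
    ts: float
    kind: str      # constructed label, e.g. "autorun_persistence"


# Host-side behaviours treated as suspicious in this illustration (assumption).
SUSPICIOUS_HOST_EVENTS = {"autorun_persistence", "process_injection", "av_disabled"}


def classify_network(flows: Iterable[Flow], min_flows: int = 4,
                     cv_threshold: float = 0.2) -> Dict[str, int]:
    """Score each host 0..2 from its flows: +1 if some destination is
    contacted at regular intervals (beacon-like), +1 if those flows also
    carry near-constant payload sizes. Thresholds are assumptions."""
    by_pair: Dict[Tuple[str, str], List[Flow]] = defaultdict(list)
    for f in flows:
        by_pair[(f.host, f.dst)].append(f)
    scores: Dict[str, int] = defaultdict(int)
    for (host, _dst), fl in by_pair.items():
        if len(fl) < min_flows:
            continue
        fl.sort(key=lambda f: f.ts)
        gaps = [b.ts - a.ts for a, b in zip(fl, fl[1:])]
        sizes = [f.nbytes for f in fl]
        score = 0
        # coefficient of variation below threshold => regular timing
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < cv_threshold:
            score += 1
            if mean(sizes) > 0 and pstdev(sizes) / mean(sizes) < cv_threshold:
                score += 1
        scores[host] = max(scores[host], score)
    return dict(scores)


def score_hosts(events: Iterable[HostEvent]) -> Dict[str, int]:
    """Count distinct suspicious host-side behaviours per host."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e.kind in SUSPICIOUS_HOST_EVENTS:
            seen[e.host].add(e.kind)
    return {h: len(k) for h, k in seen.items()}


def correlate(flows: Iterable[Flow], events: Iterable[HostEvent],
              min_network: int = 1, min_host: int = 1) -> Dict[str, int]:
    """Return host -> combined score, only for hosts where BOTH the network
    classifier and the host-behaviour scorer fire. A host that merely
    beacons (e.g. a legitimate update check) is not flagged on its own."""
    net = classify_network(flows)
    hst = score_hosts(events)
    return {h: net[h] + hst[h] for h in net
            if net[h] >= min_network and hst.get(h, 0) >= min_host}


def sample_flows() -> List[Flow]:
    """Constructed sample traffic (TEST-NET addresses)."""
    flows: List[Flow] = []
    # 10.0.0.5: beacon every 60 s with a fixed 512-byte payload (bot-like)
    flows += [Flow("10.0.0.5", "203.0.113.9", 60.0 * i, 512) for i in range(6)]
    # 10.0.0.8: equally periodic and fixed-size, but no host indicators
    flows += [Flow("10.0.0.8", "198.51.100.20", 300.0 * i, 300) for i in range(6)]
    # 10.0.0.7: irregular browsing-like traffic
    flows += [Flow("10.0.0.7", "198.51.100.4", t, n)
              for t, n in [(1, 900), (4, 15000), (70, 2300), (71, 400), (200, 9800)]]
    return flows


def sample_events() -> List[HostEvent]:
    """Constructed sample endpoint events."""
    return [HostEvent("10.0.0.5", 10.0, "autorun_persistence"),
            HostEvent("10.0.0.5", 12.0, "process_injection"),
            HostEvent("10.0.0.7", 5.0, "software_update")]  # benign, not counted


if __name__ == "__main__":
    print(correlate(sample_flows(), sample_events()))
```

In the sample data, both 10.0.0.5 and 10.0.0.8 look like beacons to the network classifier alone; only 10.0.0.5 also shows suspicious host-side behaviour, so it is the only host the correlation step reports. Requiring agreement between the two evidence sources is what keeps periodic-but-benign traffic from becoming a false positive.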
