A Novel Approach for the Early Detection and Identification of Botnets

Abstract

Botnets are growing in size, number and impact. It continues to be one of the top three web threats that mankind has ever known. The botnets are the souped-up cyber engines driving nearly all criminal commerce on the Internet and are seen as relaying millions of pieces of junk e-mail, or spam. Thus, the need of the hour is the early detection and identification of the heart of network packet flooding or the C&C centre. Most of the botmasters perform DDos attacks on a target server by spoofing the source IP address. The existing botnet detection techniques rely on machine learning algorithms and do not expound the IP spoofing issue. These approaches are also found to be unsuccessful in the meticulous identification of the botmasters. Here we propose an architecture that depend on the PSO-based IP tracebacking. Our architecture also introduces the IP spoofing detector unit so as to ensure that the Traceback moves in the right direction. The approach also detects the zombies and utilizes the PSO optimization technique that aid in the identification of the C&C node. The experimental results show that our approach is successful in prompt detection of the bots.