Abstract

In the past few years, IRC bots, malicious programs which are remotely controlled by the attacker through IRC servers, have become a major threat to the Internet and its users. These bots can be used in different malicious ways, such as issuing distributed denial of service attacks to shut down other networks and services, keystroke logging, spamming, and traffic sniffing, causing serious disruption to networks and users. New bots that use peer-to-peer (P2P) protocols are starting to appear as the upcoming threat to Internet security, because P2P bots have no centralized point to shut down or trace back, which makes the detection of P2P bots a real challenge. In response to these threats, we present an algorithm to detect an individual P2P bot running on a system by correlating its activities. Our evaluation shows that correlating the different activities generated by P2P bots within a specified time period can detect these kinds of bots.

Highlights

  • The Internet and networks come under frequent attack from a diverse set of malicious programs and activity such as viruses and worms [3]

  • Internet Relay Chat (IRC) structures represent an efficient way of controlling botnets; one can prevent the bots from communicating with their herders by shutting down the central point

  • The frequency of API function calls for each process in the conducted experiments, and the anomaly correlation values (ACV) obtained when applying different sensitivity values (SV), are presented (SV = 10, 20, 30, 40, 50)

Summary

Introduction

The Internet and networks come under frequent attack from a diverse set of malicious programs and activity such as viruses and worms [3]. Current bots use an Internet Relay Chat (IRC) command and control (C&C) structure to communicate with their herders. IRC structures represent an efficient way of controlling botnets; one can prevent the bots from communicating with their herders by shutting down the central point. In order to avoid this problem, botnet herders started to move away from a centralised point to another way of controlling their bots, using decentralised structures as a means to maintain their botnets. The attackers started to use P2P networks in order to control their botnets. With this approach, the bots can contact other bots without having a centralised point for their command and control (C&C) structure.
