Abstract

Botnets, which consist of thousands of compromised machines, pose a significant threat to other systems through Distributed Denial of Service (DDoS) attacks, keylogging, and backdoors. In response to these threats, new effective techniques are needed to detect the presence of botnets. In this paper, we use an interception technique to monitor the Windows Application Programming Interface (API) function calls made by communication applications and store these calls, with their arguments, in log files. Our algorithm detects botnets by monitoring abnormal activity, correlating the changes in log file sizes across different hosts.

Highlights

  • An explosive growth of coordinated attacks has been noticed [1][6]

  • We focus on detecting botnets that use a centralized network

  • We investigate the normal behaviour of mIRC clients vs. the sdbot


Summary

INTRODUCTION

An explosive growth of coordinated attacks has been noticed [1][6]. This kind of attack is performed by using Internet Relay Chat (IRC) networks to control compromised machines (zombies) and establish a distributed attack against other systems. A collection of compromised machines that are connected to a single channel on IRC networks forms a botnet. These machines can be controlled remotely by the attacker via command and control (C&C) to perform malicious activities such as DDoS attacks. Most current bots are implemented to use a centralized network, which allows them to receive instructions from a central point. This makes tracing the bot herder (i.e. the attacker) a relatively easy task. The outgoing connections have different lengths and the number of bytes transferred per connection is not fixed [2]. To address these problems, our aim is to detect botnets by monitoring the change in log file sizes across several hosts and finding the correlation between these changes.
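The correlation step described above, as an added example that is not the paper's own code: each host logs intercepted API calls, so per-interval growth of the log file is a proxy for communication activity, and hosts whose growth series correlate strongly are flagged as a suspect group. The host names, sample sizes and the 0.9 threshold are constructed for illustration.

```python
from itertools import combinations
from math import sqrt

# Constructed sample: API-call log size (bytes) sampled each minute on five
# hosts. hostA, hostB and hostC grow in lockstep (commands arriving from one
# central point); hostD and hostE grow at unrelated times (ordinary chat use).
LOG_SIZES = {
    "hostA": [1000, 1020, 1900, 1920, 2800, 2810, 3700, 3720],
    "hostB": [500, 510, 1400, 1410, 2300, 2320, 3200, 3210],
    "hostC": [200, 230, 1100, 1130, 2000, 2010, 2900, 2920],
    "hostD": [800, 1300, 1310, 1800, 1820, 1830, 2300, 2320],
    "hostE": [300, 310, 320, 900, 910, 1500, 1510, 1520],
}

def deltas(sizes):
    """Bytes appended to the log in each sampling interval."""
    return [b - a for a, b in zip(sizes, sizes[1:])]

def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = sqrt(sum((a - mx) ** 2 for a in x))
    sy = sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def correlated_hosts(log_sizes, threshold=0.9):
    """Host pairs whose log-growth series correlate at or above threshold.

    Growth that rises and falls together on otherwise unrelated hosts is the
    abnormal pattern the detector looks for; a single host's burst is not.
    """
    growth = {h: deltas(s) for h, s in log_sizes.items()}
    pairs = []
    for h1, h2 in combinations(sorted(growth), 2):
        r = pearson(growth[h1], growth[h2])
        if r >= threshold:
            pairs.append((h1, h2, round(r, 3)))
    return pairs

def suspect_cluster(log_sizes, threshold=0.9):
    """All hosts that appear in at least one highly correlated pair."""
    hosts = set()
    for h1, h2, _ in correlated_hosts(log_sizes, threshold):
        hosts.update((h1, h2))
    return sorted(hosts)
```

On the constructed data the three lockstep hosts form the suspect cluster while hostD and hostE are left out; on real logs the threshold and sampling interval need tuning against the normal traffic of the monitored hosts.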

DATA COLLECTION
Full details of Architecture
Experiments
RESULTS
Botnet Detection through Distributed Log Correlation
CONCLUSION AND FUTURE WORK
