Abstract

As a bot communicates with a malicious controller over a normal communication or an encrypted channel and updates its code frequently, it becomes difficult to detect an infected personal computer (PC) using a signature-based intrusion detection system (IDS) and an antivirus system (AV). As sending control and attack packets from the bot process are independent of the user operation, a behavior monitor is effective in detecting an anomaly communication. In this paper, we propose a bot detection technique that checks outbound packets with destination-based whitelists. If any outbound packets during the non-operating duration do not match the whitelists, the PC is considered to be infected by the bot. The whitelists are a set of legitimate IP addresses (IPs) and/or domain names (DNs). We implement the proposal system as a host-based detector and evaluate false negative (FN) and false positive (FP) performance.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Detection of Bot Infected PCs Using Destination-Based IP and Domain Whitelists During a Non-Operating Term
Keisuke Takemori ... Tomohiro Takami
-
Keisuke Takemori, et. al.Keisuke Takemori ... Tomohiro Takami
01 Jan 2008
A Review on Machine Learning Based Approaches of Network Intrusion Detection Systems
... Basmah Alsulami
International Journal of Current Science Research and Review | VOL. 05
, et. al. ... Basmah Alsulami
26 Jun 2022
A Signature Based Intrusion Detection System with HPFSM and Fuzzy Based Classification Method (IDSFSC)
S Latha ... Sinthu Janita Prakash
Asian Journal of Engineering and Applied Technology | VOL. 8
S Latha, et. al.S Latha ... Sinthu Janita Prakash
05 May 2019
IDSFS: A Signature Based Intrusion Detection System with High Pertinent Feature Selection Method
S Latha ... Sinthu Janita Prakash
Asian Journal of Computer Science and Technology | VOL. 8
S Latha, et. al.S Latha ... Sinthu Janita Prakash
05 May 2019
View more papers

More From: Journal of Information Processing

Paper Title
Journal
Date
Author
Model Building and Description Using the Agent-based Computational Economics Framework for Accounting
Kosei Takashima ... Isao Yagi
Journal of Information Processing | VOL. 32
Kosei Takashima, et. al.Kosei Takashima ... Isao Yagi
01 Jan 2024
A Multi-core RTOS Benchmark Methodology To Assess System Services Under Contentions
Yixiao Xing ... Yixiao Li
Journal of Information Processing | VOL. 32
Yixiao Xing, et. al.Yixiao Xing ... Yixiao Li
01 Jan 2024
Text-mining Analysis of What Students Think About e-learning and Face-to-face Classes during COVID-19
Minae Nishimoto ... Keiji Emi
Journal of Information Processing | VOL. 32
Minae Nishimoto, et. al.Minae Nishimoto ... Keiji Emi
01 Jan 2024
A Sufficient Condition of Logically Constrained Term Rewrite Systems for Decidability of All-path Reachability Problems with Constant Destinations
Misaki Kojima ... Naoki Nishida
Journal of Information Processing | VOL. 32
Misaki Kojima, et. al.Misaki Kojima ... Naoki Nishida
01 Jan 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.