Behavioural Correlation for Detecting P2P Bots

04/16/2010
by   Yousof Al-Hammadi, et al.

In the past few years, IRC bots, malicious programs that are remotely controlled by an attacker through IRC servers, have become a major threat to the Internet and its users. These bots can be used for a range of malicious activities, such as launching distributed denial-of-service attacks to shut down other networks and services, logging keystrokes, sending spam and sniffing traffic, all of which cause serious disruption to networks and users. New bots that use peer-to-peer (P2P) protocols have started to appear as the next threat to Internet security: because P2P bots have no centralised point to shut down or trace back, detecting them is a real challenge. In response to these threats, we present an algorithm that detects an individual P2P bot running on a system by correlating its activities. Our evaluation shows that correlating the different activities generated by a P2P bot within a specified time period can detect this kind of bot.
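The abstract describes the detection idea only at a high level: several distinct activities produced by one process within a bounded time window are taken together as evidence of a bot, where any single activity on its own would be ambiguous. The following is an added illustration of that time-window correlation, not the paper's algorithm or code: the activity classes (`keylog`, `p2p_net`, `file_write`), the event-line format, the process names, the 10-second window and the three-class threshold are all assumptions chosen for the example, and the event lines are constructed, not captured from a real host.

```python
"""Toy time-window correlation of per-process activity events.

Added example, not from the paper. The event format, activity classes,
window length and threshold are assumptions made for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real host data). A keystroke-logging,
# P2P-networking and file-writing process is the suspicious one; a text
# editor that reads keys and saves a file, and a BitTorrent client that
# talks P2P and writes a file minutes later, are the benign controls.
SAMPLE_EVENTS = [
    "2010-04-16T10:00:01 pid=1234 name=p2pbot.exe activity=keylog",
    "2010-04-16T10:00:03 pid=1234 name=p2pbot.exe activity=p2p_net",
    "2010-04-16T10:00:09 pid=1234 name=p2pbot.exe activity=file_write",
    "2010-04-16T10:00:15 pid=1234 name=p2pbot.exe activity=p2p_net",
    "2010-04-16T10:00:02 pid=555 name=editor.exe activity=keylog",
    "2010-04-16T10:00:04 pid=555 name=editor.exe activity=file_write",
    "2010-04-16T10:05:00 pid=777 name=utorrent.exe activity=p2p_net",
    "2010-04-16T10:09:00 pid=777 name=utorrent.exe activity=file_write",
]

# Assumed line layout: ISO timestamp, then pid=, name= and activity= fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) name=(?P<name>\S+) activity=(?P<activity>\S+)$"
)


def parse_event(line):
    """Parse one event line into a dict; reject anything not matching the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable event line: {line!r}")
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "pid": int(m["pid"]),
        "name": m["name"],
        "activity": m["activity"],
    }


def correlate(lines, window_seconds=10, min_classes=3):
    """Flag each process whose events show at least `min_classes` distinct
    activity classes inside some window of `window_seconds`.

    Returns {pid: {"name", "window_start", "classes"}} for the first
    qualifying window of each flagged process.
    """
    by_pid = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_pid[ev["pid"]].append(ev)

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for pid, events in by_pid.items():
        events.sort(key=lambda e: e["ts"])
        # Slide the window start over each event; events are time-sorted,
        # so we can stop scanning as soon as one falls outside the window.
        for i, start in enumerate(events):
            classes = set()
            for ev in events[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                classes.add(ev["activity"])
            if len(classes) >= min_classes:
                alerts[pid] = {
                    "name": start["name"],
                    "window_start": start["ts"].isoformat(),
                    "classes": tuple(sorted(classes)),
                }
                break
    return alerts


if __name__ == "__main__":
    for pid, alert in correlate(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({alert['name']}): {alert['classes']} "
              f"within {10}s from {alert['window_start']}")
```

With the defaults only pid 1234 is flagged: its three classes fall within 8 seconds. The editor shows two classes and the BitTorrent client two classes four minutes apart, so neither reaches the threshold. Lowering `min_classes` to 2 flags the editor as well, which is the trade-off the window and threshold control: a wider window or lower threshold raises recall against a bot that spaces its activities out, at the cost of false positives on legitimate software that happens to combine the same primitives.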
