A taxonomy of Botnet detection techniques

Proceedings - 2010 3rd IEEE International Conference on Computer Science and Information Technology, ICCSIT 2010

Volumn 2, Issue , 2010, Pages 158-162

  Zeidanloo, Hossein Rouhani ^a   Zadeh, Mohammad Jorjor ^a   Shooshtari, ^a   Amoli, Payam Vahdani ^a   Safari, M ^b   Zamani, Mazdak ^b  

^a MALAYSIA JAPAN INTERNATIONAL INSTITUTE OF TECHNOLOGY   (Malaysia)

^b AMIRKABIR UNIVERSITY OF TECHNOLOGY   (Iran)

Author keywords

Bot; Botnet; Malicious activities; P2P; Patterns

Indexed keywords

BOT; BOTNET; MALICIOUS ACTIVITIES; P2P; PATTERNS;

COMPUTER CONTROL SYSTEMS; COMPUTER CRIME; COMPUTER SCIENCE; CRIME; INFORMATION TECHNOLOGY; NETWORK SECURITY;

INTRUSION DETECTION;

EID: 77958527473     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICCSIT.2010.5563555     Document Type: Conference Paper

References (28)

1. P. Barford and V.Yagneswaran, "An Inside Look at Botnets". In: Special Workshop on Malware Detection, Advances in Information Security, Springer, Heidelberg (2006).
2. N. Ianelli, A. Hackworth, Botnets as a Vehicle for Online Crime, CERT, December 2005.
3. Zeidanloo, H.R.; Manaf, A.A. "Botnet Command and Control Mechanisms",. Second International Conference on Computer and Electrical Engineering, 2009. ICCEE '09. Page(s): 564 - 568. 2009.
4. Duc T. Ha, Guanhua Yan, Stephan Eidenbenz, Hung Q. Ngo. "On the effectiveness of structural detection and defense against P2P-based Botnet, " Proc. of the 39th Annual IEEE/MP International Conference on Dependable Systems and Networks (DSN'09), June 2009.
5. A. Ramachandran and N. Feamster, "Understanding the network-level behavior of spammers, " in Proc. ACM SIGCOMM, 2006.
6. K. K. R. Choo, "Zombies and Botnets, " Trends and issues in crime and criminal justice, no. 333, Australian Institute of Criminology, Canberra, March 2007.
7. M. Vrable, J. Ma, J. Chen, D. Moore, E.Vandekieft, A. C. Snoeren, G.M. Voelker, and S.Savage, " Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, " in Proc. ACM SIGOPS OperatingSystem Review, vol. 39(5), pp. 148-162, 2005.
8. F. Freiling, T. Holz, and G. Wicherski, "Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks, " in Proc. 10th European Symposium on Research in Computer Security (ESORICS), vol. Lecture Notes in Computer Science 3676, September 2005, pp. 319-335.
9. D. Dagon, C. Zou, and W. Lee, "Modeling Botnet propagation using time zones, " in Proc. 13th Network and Distributed System Security Symposium (NDSS'06), 2006.
10. J. Oberheide, M. Karir, and Z.M. Mao, "Characterizing Dark DNS Behavior, " in Proc. 4th nteraational Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2007.
11. Snort IDS web page, http://www.snort.org March 2006.
12. J. Goebel and T. Holz. Rishi: Identify bot contaminated hosts by ire nickname evaluation. In Proceedings of USENIX HotBots'07, 2007.
13. B. Saha and A, Gairola, "Botnet: An overview, " CERT-In White PaperCIWP-2005-05, 2005.
14. STINSON, E. and MITCHELL, J. C, "Characterizing bots' remote control behavior, " in Proceedings of the 4th GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07), 2007.
15. R. Binkley and S. Singh. An algorithm for anomaly-based Botnet detection. In Proceedings of USENIX SRLTCT06, pages 43-48, July 2006.
16. Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February2008.
17. H. Choi, H. Lee, H. Lee, and H. Kim, "Botnet Detection by Monitoring Group Activities in DNS Traffic, " in Proc. 7th IEEE International Conference on Computer and Information Technology (CIT 2007), 2007, pp.715-720.
18. R.Villamarin-Salomon and J.C. Brustoloni, "Identifying Botnets Using Anomaly Detection Techniques Applied to DNS Traffic, " in Proc. 5th IEEE Consumer Communications and Networking Conference (CCNC2008), 2008, pp. 476-481.
19. D. Dagon, "Botnet Detection and Response, The Network is the Infection, " in OARC Workshop, 2005.
20. J. Kristoff, "Botnets, " in 32nd Meeting of the North American Network Operators Group, 2004.
21. W. Strayer, D. Lapsley, B. Walsh, and C. Livadas, Botnet Detection Based on Network Behavior, ser. Advances in Information Security. Springer, 2008, PP. 1-24.
22. M. M. Masud, T. Al-khateeb, L. Khan, B. Thuraisingham, K. W.Hamlen, " Flow-based identification of Botnet traffic by mining multiple in Proc. International Conference on Distributed Framework& Application, Penang, Malaysia.2008.
23. G. Gu, R. Perdisci, J. Zhang, and W. Lee, "Botminer: Clustering analysis of network traffic for protocol- and structure independent Botnet detection, " in Proc. 17th USENIX Security Symposium, 2008.
24. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting malware infection through ids-driven dialog correlation. In Proceedings of the 16th USENIX Security Symposium (Security'07), 2007.
25. G. Gu, V. Yegneswaran, P. Porras, J. Stoll, and W. Lee. " Active Botnet probing to identify obscure command and control channels". In Proceeding of Annual computer security application conferences, asac, pp.241-253, 2009.
26. H.R. Zeidanloo, A.A. Manaf, " Botnet Detection by Monitoring Similar Communication Patterns". International Journal of Computer Science and Information Security, Vol. 7, No. 3, March 2010, ISSN 1947-5500. USA.
27. P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling, "The nepenthes platform: An efficient approach to collect malware, " in Proceedings of International Symposium on Recent Advances in Intrusion Detection (RAID'06), (Hamburg), September 2006.
28. F. Freiling, T. Holz, and G.Wicherski, "Botnet Tracking: Exploring a Root-cause Methodology to Prevent Denial of Service Attacks, " in Proceedings of 10th European Symposium on Research in Computer Security (ESORICS'05), 2005.