Detecting BOT Victim in Client Networks

Authors

  • Abinaya. E  Department of Information Technology, St Peter Engineering College, Avadi, Tamil Nadu, India
  • Balamurugan. K  

Keywords:

Horizontal Scanning, Botmaster, Bots, P2P, IRC, BotGraph, DPI, Clustering

Abstract

In this paper we discuss our research on detecting bot victims in client networks. Botnets are collections of Internet hosts ("bots") that, through malware infection, have fallen under the control of a single entity (the "botmaster"). Botnets perform network scanning for different reasons: propagation, enumeration, and penetration. One common type of scanning, called "horizontal scanning," systematically probes the same protocol port across a given range of IP addresses, sometimes selecting random IP addresses as targets. To infect new hosts and recruit them as bots, some botnets, e.g., Conficker, perform a horizontal scan continuously using self-propagating worm code that exploits a known system vulnerability. In this project, we focus on a different type of botnet scan: one performed under the explicit command and control of the botmaster, occurring over a well-delimited interval.

Published

2016-08-30

Section

Research Articles

How to Cite

[1]
Abinaya. E, Balamurugan. K, "Detecting BOT Victim in Client Networks", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 1, Issue 1, pp. 14-18, July-August-2016.