NDLI: Botnet Detection by Abnormal IRC Traffic Analysis

Please wait, while we are loading the content...

Botnet Detection by Abnormal IRC Traffic Analysis

Content Provider	Semantic Scholar
Author	Lai, Gu-Hsin Chen, Chia-Mei Tzeng, Ray-Yu Laih, Chi-Sung Faloutsos, Christos
Copyright Year	2009
Abstract	Recently, Botnet has become one of the most severe threats on the Internet because it is hard to be prevented and cause huge losses. Prior intrusion detection system researches focused on traditional threats like virus, worm or Torjan. However, traditional intrusion detection system cannot detect Botnet activities before botmasters launch final attack. In Botnet attack, in order to control a large amount of compromised hosts (bots), Botmasters use public internet service as communication and control channel (C&C Channel). IRC (Internet Relay Chat) is the most popular communication service which botbasters use to send command to their bots. Once bots receive commands from botmasters, they will do the corresponding abnormal action. It seems that Botnet activities could be detected by observing abnormal IRC traffic. In this paper, we will focus on abnormal IRC traffic analysis, we will use three unique characteristics of Botnet ,“Group Activity”, “Homogeneous Response” and “Abnormal direction of PING and PONG messages” to detect abnormal Botnet activities in LAN. We develop an on-line IRC IDS to detect abnormal IRC behavior. In the proposed system, abnormal IRC traffic can be detect and we can (1) identify the infected hosts (bots) before botmasters launch final attack (e.g. DDoS or Phishing) and (2) find out the malicious IRC servers in LAN in real time. The experiments shows that the proposed system can indeed detect abnormal IRC traffic and prevent Botnet attack.
File Format	PDF HTM / HTML
Alternate Webpage(s)	http://jwis2009.nsysu.edu.tw/location/paper/Botnet%20Detection%20by%20Abnormal%20IRC%20Traffic%20Analysis.pdf
Language	English
Access Restriction	Open
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in