Title :
Detecting Bots Based on Keylogging Activities
Author :
Al-Hammadi, Yousof ; Aickelin, Uwe
Author_Institution :
Yousof Al-Hammadi & Uwe Aickelin Dept. of Comput. Sci. & Inf. Technol., Univ. of Nottingham, Nottingham
Abstract :
A bot is a piece of software that is usually installed on an infected machine without the user´s knowledge. A bot is controlled remotely by the attacker under a Command and Control structure. Recent statistics show that bots represent one of the fastest growing threats to our network by performing malicious activities such as email spamming or keylogging. However, few bot detection techniques have been developed to date. In this paper, we investigate a behavioural algorithm to detect a single bot that uses keylogging activity. Our approach involves the use of function calls analysis for the detection of the bot with a keylogging component. Correlation of the frequency of function calls made by the bot with other system signals during a specified time-window is performed to enhance the detection scheme. We perform a range of experiments with the spybot. Our results show that there is a high correlation between some function calls executed by this bot which indicates abnormal activity in our system.
Keywords :
invasive software; behavioural algorithm; bot detection techniques; command and control structure; key logging activities; malicious activities; Availability; Command and control systems; Communication system control; Computer science; Computer security; Frequency; Information security; Information technology; Mice; Protocols; API function calls; Bot; Correlation; IRC;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.58
