IRC Botnets´ Homology Identifying Method Based on Improved LB_PAA Distance of Communication Characteristic Curves

Author

Jia, Yan ; Li, Runheng ; Gan, Liang ; Chen, Guangqiang

Author_Institution

Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China

fYear

2010

fDate

2-4 April 2010

Firstpage

360

Lastpage

365

Abstract

IRC botnet can be regarded as a collection of compromised computers (called Zombie computers) running software under the command-and-control infrastructure constructed by the IRC server. The connection between the botnet server and the bots are usually very dynamic. In order to describe a botnet at a finer granularity, the paper proposed a method that identify homologous botnets by extracting communication characteristic curves and compute the dynamic time warping distance between the curves, and used improved LB_PAA distance to reduce computational complexity. Experiments were carried out for validation purposes, the error rates were evaluated and shown.

Keywords

command and control systems; computational complexity; time warp simulation; IRC botnet homology identifying method; IRC server; Zombie computers; command-and-control infrastructure; communication characteristic curve extraction; communication characteristic curves; computational complexity; dynamic time warping distance; error rates; Computational complexity; Computer security; Data mining; Data security; Error analysis; Frequency; Information security; National security; Network servers; Web server; LB_PAA; botnet; communication; dynamic time warping distance; homologous;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Information Technology and Security Informatics (IITSI), 2010 Third International Symposium on

Conference_Location

Jinggangshan

Print_ISBN

978-1-4244-6730-3

Electronic_ISBN

978-1-4244-6743-3

Type

conf

DOI

10.1109/IITSI.2010.69

Filename

5453595