Title :
Fast Deployment of Botnet Detection with Traffic Monitoring
Author :
Yang, Chung-Huang ; Ting, Kuang-Li
Author_Institution :
Nat. Kaohsiung Normal Univ., Taiwan
Abstract :
Internet crime is growing: phishing, money mules, personal data stealing and trafficking, DDoS (Distributed Denial of Service), and other cases are heard of from time to time. DDoS mostly uses a botnet as the source of attack, with trojans and worms distributed to infect hosts. Infected hosts become bots and can be controlled by the botmaster. The botmaster uses a command and control server to control the bots. Because botmaster servers use dynamic types and encryption methods to communicate with bots, it's difficult to detect bots. In this research, we designed and developed a system to detect bot-like traffic and deny the traffic of those that look like bots. We revised the NTOP program and integrated it with self-developed Perl programs. Our system will monitor network activities at the network layer and transport layer and send email/SMS to the network administrator to block suspicious botnets.
Keywords :
computer crime; invasive software; monitoring; Internet crime; botmaster; botnet detection; command and control server; distributed denial of service; encryption methods; network activities; network administrator; network layer; ntop program; self developed perl programs; traffic monitoring; transport layer; Communication system traffic control; Computer crime; Computer hacking; Cryptography; Distributed computing; Monitoring; Network servers; Open systems; Postal services; Protocols; C&C server; botmaster; botnet; bots; ntop;
Conference_Titel :
Intelligent Information Hiding and Multimedia Signal Processing, 2009. IIH-MSP '09. Fifth International Conference on
Conference_Location :
Kyoto
Print_ISBN :
978-1-4244-4717-6
Electronic_ISBN :
978-0-7695-3762-7
DOI :
10.1109/IIH-MSP.2009.303