Title :
Bot Detection Based on Traffic Analysis
Author :
Kugisaki, Yuji ; Kasahara, Yoshiaki ; Hori, Yoshiaki ; Sakurai, Kouichi
Author_Institution :
Kyushu Univ., Fukuoka
Abstract :
Recently, botnets have become a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by the IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.
Keywords :
IP networks; computer viruses; file servers; protocols; telecommunication traffic; IP addresses; IRC protocol; IRC server; bot detection; bot infection; bot-infected computers; botnet; information system; malware; traffic analysis; vulnerable computers; Computer aided instruction; Computer crime; Computer networks; Information analysis; Information science; Information systems; Internet; Network servers; Pervasive computing; Relays
Conference_Title :
Intelligent Pervasive Computing, 2007. IPC. The 2007 International Conference on
Conference_Location :
Jeju City
Print_ISBN :
978-0-7695-3006-2
DOI :
10.1109/IPC.2007.91