Abstract
A botnet is a network of host machines infected by malicious code. The infected machines are bots that perform illegitimate activities under the remote control of a bot master. An infected bot machine performs actions such as key logging, information harvesting, and denial of service. The challenge is to identify Zeus bot activity by monitoring both the network and host activities of a machine. Monitoring network activity reveals the communication patterns between the bot and the outside network; monitoring host activity can effectively identify abnormal host behaviour. In this paper we propose a methodology to analyse and identify the presence of the Zeus bot. The analysis is performed by observing the host and network activities of a machine. Based on this analysis we propose a system consisting of three modules, viz: folder monitoring, network monitoring, and API hook monitoring. The folder monitoring module watches the folder in which the Zeus bot executable gets stored. The network monitoring module captures the host's network traffic live and compares it with a predefined pattern that describes the communication between the bot and its master; the pattern is fixed by monitoring the host machine's network before and after infection. The API hook monitoring module monitors the API hooks used for stealing credentials. Finally, an integrated decision module is triggered, which decides whether the system is infected by the Zeus bot based on the three conditions.
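The following is an added illustration of the three-module design the abstract describes, not code from the paper or its authors. It models each monitor as a function over constructed input (a watched-folder snapshot, a list of flow records, a set of observed API hooks) and feeds the three results into one integrated decision. The folder path, the exchange pattern, the hook watchlist and the rule that all three conditions must hold for an "infected" verdict are all assumptions made for the example; the paper's own values and decision rule are not given on this page.

```python
"""Added example: integrated decision over folder, network and API-hook
monitors, modelled on the three-module design in the abstract. All paths,
patterns, hook names and flow records below are constructed placeholders."""

# Condition 1 input: constructed snapshot of the watched drop folder
# (ASSUMED location; the paper's actual folder is not stated on this page).
WATCHED_FOLDER_SNAPSHOT = {
    r"C:\Users\alice\AppData\Roaming\example\dropper.exe": "exe",
    r"C:\Users\alice\AppData\Roaming\example\notes.txt": "txt",
}

# Condition 2 input: the predefined bot/master exchange pattern. ASSUMED shape:
# an ordered list of (direction, protocol, remote_port) steps that must all
# appear, in order, in the flows toward a single remote host. The paper derives
# its pattern from before/after-infection captures; this one is made up.
C2_PATTERN = [("out", "tcp", 80), ("in", "tcp", 80), ("out", "tcp", 80)]

# Constructed flow records: (direction, protocol, remote_host, remote_port).
FLOWS = [
    ("out", "tcp", "203.0.113.10", 80),
    ("in", "tcp", "203.0.113.10", 80),
    ("out", "udp", "198.51.100.5", 53),
    ("out", "tcp", "203.0.113.10", 80),
]

# Condition 3 input: hooks observed in the monitored process (constructed) and
# an ASSUMED watchlist of Windows API names whose hooking is treated as a
# credential-theft indicator. This list is illustrative, not the paper's.
OBSERVED_HOOKS = {"HttpSendRequestA", "InternetReadFile", "GetClipboardData"}
SUSPICIOUS_HOOK_WATCHLIST = {"HttpSendRequestA", "InternetReadFile", "PFXImportCertStore"}


def folder_monitor(snapshot: dict) -> list:
    """Condition 1: return executables present in the watched folder."""
    return sorted(path for path, kind in snapshot.items() if kind == "exe")


def network_monitor(flows: list, pattern: list) -> list:
    """Condition 2: return remote hosts whose flows contain the predefined
    exchange pattern as an ordered subsequence (other traffic may interleave)."""
    by_host = {}
    for direction, proto, host, port in flows:
        by_host.setdefault(host, []).append((direction, proto, port))
    matched = []
    for host, steps in by_host.items():
        i = 0  # index of the next pattern step still to be seen
        for step in steps:
            if i < len(pattern) and step == pattern[i]:
                i += 1
        if i == len(pattern):
            matched.append(host)
    return sorted(matched)


def api_hook_monitor(observed: set, watchlist: set) -> set:
    """Condition 3: return observed hooks that sit on watchlisted APIs."""
    return observed & watchlist


def integrated_decision(folder_hits, net_hits, hook_hits, required: int = 3) -> dict:
    """Combine the three conditions. ASSUMPTION: a verdict of 'infected' needs
    `required` conditions to hold (default: all three)."""
    conditions = {
        "folder": bool(folder_hits),
        "network": bool(net_hits),
        "api_hooks": bool(hook_hits),
    }
    met = sum(conditions.values())
    return {"conditions": conditions, "met": met, "infected": met >= required}


def run_all(snapshot=WATCHED_FOLDER_SNAPSHOT, flows=FLOWS, pattern=C2_PATTERN,
            observed=OBSERVED_HOOKS, watchlist=SUSPICIOUS_HOOK_WATCHLIST,
            required: int = 3) -> dict:
    """Run the three monitors on the given inputs and return the decision."""
    return integrated_decision(
        folder_monitor(snapshot),
        network_monitor(flows, pattern),
        api_hook_monitor(observed, watchlist),
        required,
    )


if __name__ == "__main__":
    print(run_all())
```

With the constructed inputs all three conditions hold, so the verdict is "infected"; removing the hook evidence (`run_all(observed=set())`) drops the verdict unless `required` is lowered, which is the knob a deployment would tune between missed detections and false alarms.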
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
Cite this paper
Kalpika, R., Vasudevan, A.R. (2017). Detection of Zeus Bot Based on Host and Network Activities. In: Thampi, S., Martínez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_5
DOI: https://doi.org/10.1007/978-981-10-6898-0_5
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6897-3
Online ISBN: 978-981-10-6898-0
eBook Packages: Computer Science (R0)