Abstract
Bots have become a popular vehicle for Internet crime. Bot detection is still a challenging task since bot developers come up with techniques for evading detection. Most bot detection techniques are network-based and rely on correlating behavior among similar hosts. Moreover, network-based systems must handle voluminous traffic and produce a non-negligible number of false alarms. We propose a host-based detection technique that leverages the recurring patterns in the traffic generated by processes in a single user’s profile. From the outgoing traffic of an uninfected host, destination white-lists for a user profile are generated. These white-lists, along with bot behavior, are used for detection. We were able to detect two real-life bots using our method.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Soniya, B., Wilscy, M. (2012). Host-Based Bot Detection Using Destination White-Lists for User’s Profile. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_10
DOI: https://doi.org/10.1007/978-3-642-31513-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: Engineering (R0)