Abstract
Unlike other types of malware, botnets are characterized by their command and control (C&C) channels, through which a central authority, the botmaster, may use the infected computer to carry out malicious activities. Given the damage botnets are capable of causing, detection and mitigation of botnet threats are imperative. In this paper, we present a host-based method for detecting and distinguishing different types of botnet infections based on their C&C styles, e.g., IRC-based, HTTP-based, or peer-to-peer (P2P) based. Our ability to detect and classify botnet C&C channels shows that there is an inherent similarity in C&C structures across different types of bots and that the network characteristics of botnet C&C traffic are inherently different from those of legitimate network traffic. The best performance of our detection system has an overall accuracy of 0.929 and a false positive rate of 0.078.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fedynyshyn, G., Chuah, M.C., Tan, G. (2011). Detection and Classification of Different Botnet C&C Channels. In: Calero, J.M.A., Yang, L.T., Mármol, F.G., García Villalba, L.J., Li, A.X., Wang, Y. (eds) Autonomic and Trusted Computing. ATC 2011. Lecture Notes in Computer Science, vol 6906. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23496-5_17
DOI: https://doi.org/10.1007/978-3-642-23496-5_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23495-8
Online ISBN: 978-3-642-23496-5