Behavioural correlation for detecting P2P bots

Al-Hammadi, Yousof and Aickelin, Uwe (2010) Behavioural correlation for detecting P2P bots. In: Second International Conference on Future Networks, 2010: ICFN '10. IEEE, pp. 323-327. ISBN 978-0-7695-3940-9

[img] PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (116kB)

Abstract

In the past few years, IRC bots, malicious programs which

are remotely controlled by the attacker through IRC servers,

have become a major threat to the Internet and users. These

bots can be used in different malicious ways such as issuing

distributed denial of services attacks to shutdown other

networks and services, keystrokes logging, spamming, traffic

sniffing cause serious disruption on networks and users.

New bots use peer to peer (P2P) protocols start to appear

as the upcoming threat to Internet security due to the fact

that P2P bots do not have a centralized point to shutdown

or traceback, thus making the detection of P2P bots is a

real challenge. In response to these threats, we present an

algorithm to detect an individual P2P bot running on a

system by correlating its activities. Our evaluation shows

that correlating different activities generated by P2P bots

within a specified time period can detect these kind of bots.

Item Type: Book Section
Schools/Departments: University of Nottingham UK Campus > Faculty of Science > School of Computer Science
Depositing User: Aickelin, Professor Uwe
Date Deposited: 25 Mar 2010 15:29
Last Modified: 25 Mar 2010 15:29
URI: http://eprints.nottingham.ac.uk/id/eprint/1250

Actions (Archive Staff Only)

Edit View Edit View