Abstract
Global Internet threats are undergoing a profound transformation, from attacks designed solely to disable infrastructure to attacks that also target people and organizations. This alarming new class of attacks directly affects the day-to-day lives of millions of people and endangers businesses and governments around the world. At the centre of many of these attacks is a large pool of compromised computers located in homes, schools, businesses, and governments around the world. Attackers use these zombies as anonymous proxies to hide their real identities and to amplify their attacks. Bot software enables an operator to remotely control each system and group the systems together to form what is commonly referred to as a zombie army or botnet. A botnet is a network of compromised machines that can be remotely controlled by an attacker. In this paper we propose an approach that uses honeynet data collection mechanisms to detect IRC- and HTTP-based botnets. We have evaluated our approach using real-world network traces.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Bhatia, J.S., Sehgal, R.K., Kumar, S. (2011). Honeynet Based Botnet Detection Using Command Signatures. In: Al-Majeed, S.S., Hu, CL., Nagamalai, D. (eds) Advances in Wireless, Mobile Networks and Applications. ICCSEA WiMoA 2011 2011. Communications in Computer and Information Science, vol 154. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21153-9_7
DOI: https://doi.org/10.1007/978-3-642-21153-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21152-2
Online ISBN: 978-3-642-21153-9