Honeynet Based Botnet Detection Using Command Signatures

  • Conference paper
Advances in Wireless, Mobile Networks and Applications (ICCSEA 2011, WiMoA 2011)

Abstract

Global Internet threats are undergoing a profound transformation, from attacks designed solely to disable infrastructure to attacks that also target people and organizations. This new class of attacks directly affects the day-to-day lives of millions of people and endangers businesses and governments around the world. At the centre of many of these attacks is a large pool of compromised computers located in homes, schools, businesses, and government networks. Attackers use these zombies as anonymous proxies to hide their real identities and to amplify their attacks. Bot software lets an operator remotely control each system and group them together into what is commonly called a zombie army or botnet: a network of compromised machines under the remote control of an attacker. In this paper we propose an approach that uses honeynet data collection mechanisms, together with signatures of bot commands, to detect IRC- and HTTP-based botnets. We evaluate the approach on real-world network traces.
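The following is an added illustration of what command-signature matching over honeynet traffic looks like in practice; it is not the paper's code, and the paper's own signature set is not reproduced on this page. The IRC bot verbs (.login, .ddos, .scan, .download), the HTTP gate-script beacon pattern, and the sample capture are all constructed for the example. The detector parses IRC PRIVMSG lines and HTTP request lines, matches the command payload against the signature set, and groups hits per host so that a honeypot that first authenticates to a channel and then receives an attack order stands out from a single stray match.

```python
"""Command-signature matching over captured IRC and HTTP traffic.

Added example for this page, not the paper's code. Every signature below is a
constructed illustration (assumption), not the authors' signature set.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed IRC bot command signatures (assumption). A herder types a
# prefixed verb plus arguments into the C&C channel; anchoring on that
# verb-and-argument shape keeps ordinary chat from matching.
IRC_COMMAND_SIGNATURES: Dict[str, re.Pattern] = {
    "login":    re.compile(r"^[.!](?:login|auth)\s+\S+", re.I),
    "ddos":     re.compile(r"^[.!](?:ddos|syn|udp|icmp)\s+\d{1,3}(?:\.\d{1,3}){3}\s+\d+", re.I),
    "scan":     re.compile(r"^[.!](?:scan|advscan)\s+\S+\s+\d+", re.I),
    "download": re.compile(r"^[.!](?:download|dl|update)\s+https?://\S+", re.I),
}
# Constructed HTTP C&C signature (assumption): beacon to a fixed gate script
# carrying a hex bot identifier in the query string.
HTTP_COMMAND_SIGNATURES: Dict[str, re.Pattern] = {
    "gate_beacon": re.compile(r"^/(?:gate|cmd|task)\.php\?(?:id|bot|uid)=[0-9a-f]+", re.I),
}
# RFC 1459 PRIVMSG: optional ":prefix", then "PRIVMSG <target> :<text>".
IRC_PRIVMSG = re.compile(r"^(?::(?P<prefix>\S+)\s+)?PRIVMSG\s+(?P<target>\S+)\s+:(?P<text>.*)$")
# HTTP request line: "<METHOD> <path> HTTP/1.x".
HTTP_REQUEST_LINE = re.compile(r"^(?P<method>GET|POST)\s+(?P<path>\S+)\s+HTTP/1\.[01]$")


@dataclass(frozen=True)
class Detection:
    protocol: str    # "irc" or "http"
    signature: str   # name of the matching signature
    host: str        # honeypot (or monitored host) involved in the exchange
    evidence: str    # matched command text or request path


def match_irc(host: str, line: str) -> Optional[Detection]:
    """Return a Detection if an IRC PRIVMSG line carries a known bot command."""
    m = IRC_PRIVMSG.match(line.strip())
    if not m:
        return None  # PING/PONG, JOIN, MODE etc. carry no command payload
    text = m.group("text")
    for name, pattern in IRC_COMMAND_SIGNATURES.items():
        if pattern.search(text):
            return Detection("irc", name, host, text)
    return None


def match_http(host: str, request_line: str) -> Optional[Detection]:
    """Return a Detection if an HTTP request line matches a C&C beacon signature."""
    m = HTTP_REQUEST_LINE.match(request_line.strip())
    if not m:
        return None
    path = m.group("path")
    for name, pattern in HTTP_COMMAND_SIGNATURES.items():
        if pattern.search(path):
            return Detection("http", name, host, path)
    return None


def scan_capture(records: Iterable[Tuple[str, str, str]]) -> List[Detection]:
    """Run every (protocol, host, payload) record through the matching signature set."""
    matchers = {"irc": match_irc, "http": match_http}
    hits: List[Detection] = []
    for protocol, host, payload in records:
        matcher = matchers.get(protocol)
        if matcher is None:
            continue  # other protocols are out of scope for this detector
        hit = matcher(host, payload)
        if hit is not None:
            hits.append(hit)
    return hits


def hosts_by_signature(hits: Iterable[Detection]) -> Dict[str, List[str]]:
    """Group signature names per host, in capture order."""
    summary: Dict[str, List[str]] = {}
    for hit in hits:
        summary.setdefault(hit.host, []).append(hit.signature)
    return summary


# Constructed sample capture (not real traffic): two infected honeypots, one
# clean IRC chat client, one ordinary web client.
SAMPLE_CAPTURE = [
    ("irc",  "10.0.0.5", ":herder!h@c2.example PRIVMSG #botz :.login s3cret"),
    ("irc",  "10.0.0.5", ":herder!h@c2.example PRIVMSG #botz :.ddos 198.51.100.7 80 600"),
    ("irc",  "10.0.0.6", ":alice!a@chat.example PRIVMSG #linux :anyone tried the new kernel?"),
    ("irc",  "10.0.0.6", "PING :irc.example"),
    ("http", "10.0.0.7", "GET /gate.php?id=3fa9c2e1 HTTP/1.1"),
    ("http", "10.0.0.8", "GET /index.html HTTP/1.1"),
]

if __name__ == "__main__":
    for hit in scan_capture(SAMPLE_CAPTURE):
        print(f"{hit.protocol:4} {hit.host:9} {hit.signature:12} {hit.evidence}")
```

Two caveats a practitioner would attach to any detector of this shape: it only sees commands that travel in cleartext (encrypted or obfuscated C&C defeats payload signatures, which is one reason flow-level and clustering approaches exist alongside them), and inside a honeynet the signature hit is corroborated by the fact that the honeypot should not be generating such traffic at all, a prior that does not hold on a production network.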

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bhatia, J.S., Sehgal, R.K., Kumar, S. (2011). Honeynet Based Botnet Detection Using Command Signatures. In: Al-Majeed, S.S., Hu, C.L., Nagamalai, D. (eds) Advances in Wireless, Mobile Networks and Applications. ICCSEA 2011, WiMoA 2011. Communications in Computer and Information Science, vol 154. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21153-9_7

  • DOI: https://doi.org/10.1007/978-3-642-21153-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21152-2

  • Online ISBN: 978-3-642-21153-9

  • eBook Packages: Computer Science (R0)