Automatically generating models for botnet detection

Wurzinger, Peter; Bilge, Leyla; Holz, Thorsten; Goebel, Jan; Kruegel, Christopher; Kirda, Engin
ESORICS 2009, 14th European Symposium on Research in Computer Security, September 21-23, 2009, Saint-Malo, France / Also published as Springer "Lecture Notes in Computer Science", Volume 5789/2009

A botnet is a network of compromised hosts that is under the control of a single, malicious entity, often called the botmaster. We present a system that aims to detect bots independently of any prior information about the command and control channels or propagation vectors, and without requiring multiple infections for correlation. Our system relies on detection models built around a characteristic shared by all bots: each bot receives commands from the botmaster and responds to them in a specific way. These detection models are generated automatically from network traffic traces recorded from actual bot instances. We have implemented the proposed approach and demonstrate that it can extract effective detection models for a variety of different bot families. These models describe the activity of bots precisely and raise very few false positives.
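To make the command-then-response idea from the abstract concrete, the following is an added illustration (not the authors' code, and not a reconstruction of their actual system): it takes a recorded trace, locates a sudden change in the monitored host's outgoing behaviour (assumed here to be the bot's response), extracts from the incoming traffic just before that point the substring common to several recorded runs (assumed here to be the command), and then uses the pair as a detection model. The event format, the change-point heuristic, the thresholds and the sample traces are all constructed assumptions for this example.

```python
"""
Toy illustration of deriving a bot detection model from traffic traces:
(1) find a sudden change in the host's outgoing behaviour (the response),
(2) pull the command that preceded it out of the incoming traffic.
Added example, not the authors' code: event format, heuristics, thresholds
and the sample traces are all constructed for this illustration.
"""
from collections import namedtuple

# direction is "in" (network -> monitored host) or "out" (host -> network).
Event = namedtuple("Event", "t direction peer payload")


def distinct_destinations(events, start, width):
    """Distinct peers contacted by outgoing events in [start, start + width)."""
    return len({e.peer for e in events
                if e.direction == "out" and start <= e.t < start + width})


def find_response_start(events, width=1.0, min_dsts=10, ratio=5.0):
    """Change-point heuristic (an assumption for this example): the first
    window whose distinct-destination count reaches min_dsts and is at least
    `ratio` times the previous window's count."""
    if not events:
        return None
    t_end = max(e.t for e in events)
    prev, t = distinct_destinations(events, 0.0, width), width
    while t <= t_end:
        cur = distinct_destinations(events, t, width)
        if cur >= min_dsts and cur >= ratio * max(prev, 1):
            return t
        prev, t = cur, t + width
    return None


def longest_common_substring(a, b):
    """Contiguous LCS by O(len(a) * len(b)) dynamic programming."""
    best, end = 0, 0
    prev_row = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        row = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                row[j] = prev_row[j - 1] + 1
                if row[j] > best:
                    best, end = row[j], i
        prev_row = row
    return a[end - best:end]


def extract_command_token(traces, lookback=5.0):
    """Join the incoming payloads seen in the `lookback` seconds before each
    trace's response; the token is the longest substring common to all of
    them, so parts that vary between runs (hostmask, target) drop out."""
    candidates = []
    for events in traces:
        t0 = find_response_start(events)
        if t0 is not None:
            candidates.append(" ".join(
                e.payload for e in events
                if e.direction == "in" and t0 - lookback <= e.t < t0))
    if not candidates:
        return None
    token = candidates[0]
    for c in candidates[1:]:
        token = longest_common_substring(token, c)
    return token.strip()


def generate_model(traces, min_dsts=10, window=5.0):
    return {"command": extract_command_token(traces),
            "min_dsts": min_dsts, "window": window}


def detect(events, model):
    """Alert only when the command token is received AND the modelled
    response follows it within the window (either half alone is not enough)."""
    return any(e.direction == "in" and model["command"] in e.payload
               and distinct_destinations(events, e.t, model["window"]) >= model["min_dsts"]
               for e in events)


# ---- constructed sample traces (not real captures) ------------------------
def scan_burst(t0, n, prefix):
    return [Event(t0 + 0.04 * i, "out", f"{prefix}.{i + 1}", "SYN") for i in range(n)]


def bot_trace(hostmask, target, port, cookie):
    return [Event(0.5, "out", "cnc", "NICK b0t"),
            Event(0.6, "in", "cnc", f"PING :{cookie}"),
            Event(2.3, "in", "cnc", f":{hostmask} PRIVMSG #bots :.scan {target} {port}"),
            ] + scan_burst(3.0, 20, target.rsplit(".", 1)[0])


TRAINING = [bot_trace("boss!x@y", "10.0.0.0/24", "445", "c0ffee"),
            bot_trace("boss!q@z", "203.0.113.0/24", "139", "d15ea5e")]
MODEL = generate_model(TRAINING)

# Same command text in a human chat, but no scan follows: must stay silent.
CHAT_ONLY = [Event(1.0, "in", "irc", ":alice!u@h PRIVMSG #bots :.scan is broken again")]
# A burst of connections with no preceding command (e.g. a crawler): silent too.
BURST_ONLY = scan_burst(3.0, 20, "198.51.100")

if __name__ == "__main__":
    print("model:", MODEL)
    for name, tr in [("bot", TRAINING[0]), ("chat", CHAT_ONLY), ("burst", BURST_ONLY)]:
        print(name, "->", "ALERT" if detect(tr, MODEL) else "ok")
```

The two negative cases are the point of the "command plus response" pairing: a chat message that happens to contain the command text produces no alert because the host does not react to it, and an unexplained connection burst produces no alert because no command preceded it. Real bot responses are more varied than a scan burst (spam, downloads, DDoS), so a real system needs a behaviour model per response type; the token extraction by common substring is likewise a deliberate simplification.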

Type:
Conference
City:
Saint-Malo
Date:
2009-09-19
Department:
Digital Security
Eurecom Ref:
2973
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in ESORICS 2009, 14th European Symposium on Research in Computer Security, September 21-23, 2009, Saint-Malo, France / Also published as Springer "Lecture Notes in Computer Science", Volume 5789/2009 and is available at http://dx.doi.org/10.1007/978-3-642-04444-1

PERMALINK : https://www.eurecom.fr/publication/2973