Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware

Young Hoon Moon, Eunjin Kim, Suh Mahn Hur, Huy Kang Kim

Research output: Contribution to journalArticle

4 Citations (Scopus)


As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks begin. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.

Original languageEnglish
Pages (from-to)1094-1101
Number of pages8
JournalSecurity and Communication Networks
Issue number10
Publication statusPublished - 2012 Oct 1



  • Behavioral analysis
  • Botnet detection
  • Honeynets
  • Intentional infection
  • Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this