Hidden bot detection by tracing non-human generated traffic at the zombie host

Jonghoon Kwon, Jehyun Lee, Heejo Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

Defeating botnet is the key to secure Internet. A lot of cyber attacks are launched by botnets including DDoS, spamming, click frauds and information thefts. Despite of numerous methods have been proposed to detect botnets, botnet detection is still a challenging issue, as adversaries are constantly improving bots to write them stealthier. Existing anomaly-based detection mechanisms, particularly network-based approaches, are not sufficient to defend sophisticated botnets since they are too heavy or generate non-negligible amount of false alarms. As well, tracing attack sources is hardly achieved by existing mechanisms due to the pervasive use of source concealment techniques, such as an IP spoofing and a malicious proxy. In this paper, we propose a host-based mechanism to detect bots at the attack source. We monitor non-human generated attack traffics and trace their corresponding processes. The proposed mechanism effectively detects malicious bots irrespective of their structural characteristics. It can protect networks and system resources by shutting down attack traffics at the attack source. We evaluate our mechanism with eight real-life bot codes that have distinctive architectures, protocols and attack modules. In experimental results, our mechanism effectively detects bot processes in around one second after launching flood attacks or sending spam mails, while no false alarm is generated.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages343-361
Number of pages19
Volume6672 LNCS
DOIs
Publication statusPublished - 2011 May 26
Event7th International Conference on Information Security Practice and Experience, ISPEC 2011 - Guangzhou, China
Duration: 2011 May 302011 Jun 1

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6672 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other7th International Conference on Information Security Practice and Experience, ISPEC 2011
CountryChina
CityGuangzhou
Period11/5/3011/6/1

    Fingerprint

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kwon, J., Lee, J., & Lee, H. (2011). Hidden bot detection by tracing non-human generated traffic at the zombie host. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6672 LNCS, pp. 343-361). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6672 LNCS). https://doi.org/10.1007/978-3-642-21031-0_26