Hidden bot detection by tracing non-human generated traffic at the zombie host

Jonghoon Kwon, Jehyun Lee, Heejo Lee

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    9 Citations (Scopus)

    Abstract

    Defeating botnet is the key to secure Internet. A lot of cyber attacks are launched by botnets including DDoS, spamming, click frauds and information thefts. Despite of numerous methods have been proposed to detect botnets, botnet detection is still a challenging issue, as adversaries are constantly improving bots to write them stealthier. Existing anomaly-based detection mechanisms, particularly network-based approaches, are not sufficient to defend sophisticated botnets since they are too heavy or generate non-negligible amount of false alarms. As well, tracing attack sources is hardly achieved by existing mechanisms due to the pervasive use of source concealment techniques, such as an IP spoofing and a malicious proxy. In this paper, we propose a host-based mechanism to detect bots at the attack source. We monitor non-human generated attack traffics and trace their corresponding processes. The proposed mechanism effectively detects malicious bots irrespective of their structural characteristics. It can protect networks and system resources by shutting down attack traffics at the attack source. We evaluate our mechanism with eight real-life bot codes that have distinctive architectures, protocols and attack modules. In experimental results, our mechanism effectively detects bot processes in around one second after launching flood attacks or sending spam mails, while no false alarm is generated.

    Original languageEnglish
    Title of host publicationInformation Security Practice and Experience - 7th International Conference, ISPEC 2011, Proceedings
    Pages343-361
    Number of pages19
    DOIs
    Publication statusPublished - 2011
    Event7th International Conference on Information Security Practice and Experience, ISPEC 2011 - Guangzhou, China
    Duration: 2011 May 302011 Jun 1

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume6672 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Other

    Other7th International Conference on Information Security Practice and Experience, ISPEC 2011
    Country/TerritoryChina
    CityGuangzhou
    Period11/5/3011/6/1

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science(all)

    Fingerprint

    Dive into the research topics of 'Hidden bot detection by tracing non-human generated traffic at the zombie host'. Together they form a unique fingerprint.

    Cite this