Botnet Detection with Event-Driven Analysis
2013 (English). In: Procedia Computer Science, ISSN 1877-0509, E-ISSN 1877-0509, Vol. 22, pp. 662-671. Article in journal (Refereed). Published.
Due to their huge impact on businesses, botnets are recognized as one of the most serious security threats. Malicious entities use various techniques to conceal themselves and remain undetected during the proliferation of malware from computer to computer. Detection of a botnet is commonly performed in one of two ways: either by using antivirus software or by analysing logged network data. However, antivirus software usually detects only malware that is already known and has been analysed, which is the main drawback of this approach given the constant evolution of malware. Analysis of logged network data does not by itself reveal botnet activities and requires knowledge about botnets and about the type of data to look for within the collected log. Thus, significant information can be overlooked and missed. In this paper, we propose event-driven log analysis software that enables detection of botnet activities and indicates whether end-user machines have become members of a botnet. Moreover, to optimize the software's functionality we performed an experiment that demonstrates how a botnet communicates among its members and with the command and control server. The experiment along with its results is presented in this research.
Place, publisher, year, edition, pages
2013. Vol. 22, pp. 662-671.
Keywords: Log analysis, botnet, firewall log, network analysis
Research subject: Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-114698
DOI: 10.1016/j.procs.2013.09.147
OAI: oai:DiVA.org:su-114698
DiVA: diva2:793804
Conference: 17th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems, 9-11 September 2013, Kitakyushu, Japan