A Novel Approach to Detect IRC-Based Botnets

Bot nicknames within one IRC-based botnet must have uniform structure, because they are generated by the same bot fixedly. In this paper, the similarity of nicknames in the same channel is defined by the term dasiachannel distancepsila. And a novel algorithm based on channel distance is proposed to...

Full description

Saved in:
Bibliographic Details
Main Authors: Wei Wang, Binxing Fang, Zhaoxin Zhang, Chao Li
Format: Conference Proceeding
Language:English
Subjects:
botnet
channel distance
Command and control systems
Communication system traffic control
Computer networks
Information security
Internet
IRC
Network servers
nickname
Protocols
Telecommunication traffic
Traffic control
Web server
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Bot nicknames within one IRC-based botnet must have uniform structure, because they are generated by the same bot fixedly. In this paper, the similarity of nicknames in the same channel is defined by the term dasiachannel distancepsila. And a novel algorithm based on channel distance is proposed to detect IRC-based botnets. The most significant contribution of this algorithm is that it can detect new IRC-based botnets without any delay. As a universal approach to detect IRC-based botnets, this algorithm does not need any pre-analysis to existing bots. Botnet detection program based on this algorithm has run stable for two weeks on a high-performance internet information capture platform, and successfully detected 161 botnet channels.
DOI:10.1109/NSWCTC.2009.72