Symptoms-Based Detection of Bot Processes

13 years 10 months ago

Download www.profsandhu.com

Botnets have become the most powerful tool for attackers to victimize countless users across cyberspace. Previous work on botnet detection has mainly focused on identifying infected bot computers or IP addresses and not on identifying bot processes on a host machine. This paper aims to ﬁll this gap by presenting a bot process detection technique based on process symptoms such as: TCP connection attempts, DNS activities, digital signatures, unauthorized process tampering, and process hiding. We partition symptoms into sets which are input into classiﬁers generating individual detection models which are later appropriately integrated so as to improve the detection accuracy. The integrated approach correctly identiﬁed two bot processes and did not produced any false positives and false negatives.

Jose Andre Morales, Erhan J. Kartaltepe, Shouhuai

Real-time Traffic

Bot Process Detection | Detection | Individual Detection Models | Information Technology | MMMACNS 2010 |

claim paper

Post Info
More Details (n/a)

Added	29 Jan 2011
Updated	29 Jan 2011
Type	Journal
Year	2010
Where	MMMACNS
Authors	Jose Andre Morales, Erhan J. Kartaltepe, Shouhuai Xu, Ravi S. Sandhu

Comments (0)

Sciweavers

Symptoms-Based Detection of Bot Processes

Bot Process Detection | Detection | Individual Detection Models | Information Technology | MMMACNS 2010 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers