Sciweavers

MMMACNS
2010
Springer

Symptoms-Based Detection of Bot Processes

13 years 11 months ago
Symptoms-Based Detection of Bot Processes
Botnets have become the most powerful tool for attackers to victimize countless users across cyberspace. Previous work on botnet detection has mainly focused on identifying infected bot computers or IP addresses and not on identifying bot processes on a host machine. This paper aims to fill this gap by presenting a bot process detection technique based on process symptoms such as: TCP connection attempts, DNS activities, digital signatures, unauthorized process tampering, and process hiding. We partition symptoms into sets which are input into classifiers generating individual detection models which are later appropriately integrated so as to improve the detection accuracy. The integrated approach correctly identified two bot processes and did not produced any false positives and false negatives.
Jose Andre Morales, Erhan J. Kartaltepe, Shouhuai
Added 29 Jan 2011
Updated 29 Jan 2011
Type Journal
Year 2010
Where MMMACNS
Authors Jose Andre Morales, Erhan J. Kartaltepe, Shouhuai Xu, Ravi S. Sandhu
Comments (0)