Bot detection based on traffic analysis

Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

21 Citations (Scopus)

Abstract

Recently, botnets have become a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by the IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

Original language: English
Title of host publication: Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Pages: 303-306
Number of pages: 4
DOIs: https://doi.org/10.1109/IPC.2007.91
Publication status: Published - Dec 1 2007
Event: 2007 International Conference on Intelligent Pervasive Computing, IPC 2007 - Jeju Island, Korea, Republic of
Duration: Oct 11 2007 to Oct 13 2007

Publication series

Name: Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

Other

Other: 2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Country: Korea, Republic of
City: Jeju Island
Period: 10/11/07 to 10/13/07

Fingerprint

Servers
Information systems
Network protocols
Communication
Botnet
Malware

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Computer Networks and Communications
  • Software

Cite this

Kugisaki, Y., Kasahara, Y., Hori, Y., & Sakurai, K. (2007). Bot detection based on traffic analysis. In Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007 (pp. 303-306). [4438445] (Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007). https://doi.org/10.1109/IPC.2007.91

@inproceedings{57e7c0bd88e940d79ff20fab599097ac,
title = "Bot detection based on traffic analysis",
author = "Yuji Kugisaki and Yoshiaki Kasahara and Yoshiaki Hori and Kouichi Sakurai",
year = "2007",
month = "12",
day = "1",
doi = "10.1109/IPC.2007.91",
language = "English",
isbn = "0769530060",
series = "Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007",
pages = "303--306",
booktitle = "Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007",

}

TY - GEN

T1 - Bot detection based on traffic analysis

AU - Kugisaki, Yuji

AU - Kasahara, Yoshiaki

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2007/12/1

Y1 - 2007/12/1

UR - http://www.scopus.com/inward/record.url?scp=50249168251&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50249168251&partnerID=8YFLogxK

U2 - 10.1109/IPC.2007.91

DO - 10.1109/IPC.2007.91

M3 - Conference contribution

AN - SCOPUS:50249168251

SN - 0769530060

SN - 9780769530062

T3 - Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

SP - 303

EP - 306

BT - Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

ER -