Bot detection based on traffic analysis

Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

22 Citations (Scopus)

Abstract

Recently, botnet becomes a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

Original languageEnglish
Title of host publicationProceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Pages303-306
Number of pages4
DOIs
Publication statusPublished - Dec 1 2007
Event2007 International Conference on Intelligent Pervasive Computing, IPC 2007 - Jeju Island, Korea, Republic of
Duration: Oct 11 2007Oct 13 2007

Publication series

NameProceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

Other

Other2007 International Conference on Intelligent Pervasive Computing, IPC 2007
CountryKorea, Republic of
CityJeju Island
Period10/11/0710/13/07

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Computer Networks and Communications
  • Software

Fingerprint Dive into the research topics of 'Bot detection based on traffic analysis'. Together they form a unique fingerprint.

  • Cite this

    Kugisaki, Y., Kasahara, Y., Hori, Y., & Sakurai, K. (2007). Bot detection based on traffic analysis. In Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007 (pp. 303-306). [4438445] (Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007). https://doi.org/10.1109/IPC.2007.91