Behavioural correlation for detecting P2P bots

Yousof Al-Hammadi, Uwe Aickelin

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Scopus citations

Abstract

In the past few years, IRC bots, malicious programs which are remotely controlled by attackers through IRC servers, have become a major threat to the Internet and for users. These bots can be used in different malicious ways such as issuing distributed denial of services attacks to shutdown other networks and services, keystrokes logging, spamming, traffic sniffing cause serious disruption on networks and users. New bots use peer to peer (P2P) protocols start to appear as the upcoming threat to Internet security due to the fact that P2P bots do not have a centralized point to shutdown or traceback, thus making the detection of P2P bots is a real challenge. In response to these threats, we present an algorithm to detect an individual P2P bot running on a system by correlating its activities. Our evaluation shows that correlating different activities generated by P2P bots within a specified time period can detect these kind of bots.

Original languageBritish English
Title of host publication2nd International Conference on Future Networks, ICFN 2010
Pages323-327
Number of pages5
DOIs
StatePublished - 2010
Event2nd International Conference on Future Networks, ICFN 2010 - Sanya, Hainan, China
Duration: 22 Jan 201024 Jan 2010

Publication series

Name2nd International Conference on Future Networks, ICFN 2010

Conference

Conference2nd International Conference on Future Networks, ICFN 2010
Country/TerritoryChina
CitySanya, Hainan
Period22/01/1024/01/10

Fingerprint

Dive into the research topics of 'Behavioural correlation for detecting P2P bots'. Together they form a unique fingerprint.

Cite this