TY - GEN
T1 - DCA for bot detection
AU - Al-Hammadi, Yousof
AU - Aickelin, Uwe
AU - Greensmith, Julie
PY - 2008
Y1 - 2008
N2 - Ensuring the security of computers is a nontrivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a 'bot' - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the 'botmaster of a botnet'. In this work, we use the biologically inspired Dendritic Cell Algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single bot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs.
UR - http://www.scopus.com/inward/record.url?scp=55749109008&partnerID=8YFLogxK
U2 - 10.1109/CEC.2008.4631034
DO - 10.1109/CEC.2008.4631034
M3 - Conference contribution
AN - SCOPUS:55749109008
SN - 9781424418237
T3 - 2008 IEEE Congress on Evolutionary Computation, CEC 2008
SP - 1807
EP - 1816
BT - 2008 IEEE Congress on Evolutionary Computation, CEC 2008
T2 - 2008 IEEE Congress on Evolutionary Computation, CEC 2008
Y2 - 1 June 2008 through 6 June 2008
ER -