Behavioural correlation for detecting P2P bots
In the past few years, IRC bots, malicious programs which are remotely controlled by the attacker through IRC servers, have become a major threat to the Internet and users. These bots can be used in different malicious ways such as issuing distributed denial of services attacks to shutdown other...
| Main Authors: | , |
|---|---|
| Format: | Book Section |
| Published: |
IEEE
2010
|
| Online Access: | https://eprints.nottingham.ac.uk/1250/ |
| _version_ | 1848790570139385856 |
|---|---|
| author | Al-Hammadi, Yousof Aickelin, Uwe |
| author_facet | Al-Hammadi, Yousof Aickelin, Uwe |
| author_sort | Al-Hammadi, Yousof |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | In the past few years, IRC bots, malicious programs which
are remotely controlled by the attacker through IRC servers,
have become a major threat to the Internet and users. These
bots can be used in different malicious ways such as issuing
distributed denial of services attacks to shutdown other
networks and services, keystrokes logging, spamming, traffic
sniffing cause serious disruption on networks and users.
New bots use peer to peer (P2P) protocols start to appear
as the upcoming threat to Internet security due to the fact
that P2P bots do not have a centralized point to shutdown
or traceback, thus making the detection of P2P bots is a
real challenge. In response to these threats, we present an
algorithm to detect an individual P2P bot running on a
system by correlating its activities. Our evaluation shows
that correlating different activities generated by P2P bots
within a specified time period can detect these kind of bots. |
| first_indexed | 2025-11-14T18:14:43Z |
| format | Book Section |
| id | nottingham-1250 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:14:43Z |
| publishDate | 2010 |
| publisher | IEEE |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-12502020-05-04T20:25:07Z https://eprints.nottingham.ac.uk/1250/ Behavioural correlation for detecting P2P bots Al-Hammadi, Yousof Aickelin, Uwe In the past few years, IRC bots, malicious programs which are remotely controlled by the attacker through IRC servers, have become a major threat to the Internet and users. These bots can be used in different malicious ways such as issuing distributed denial of services attacks to shutdown other networks and services, keystrokes logging, spamming, traffic sniffing cause serious disruption on networks and users. New bots use peer to peer (P2P) protocols start to appear as the upcoming threat to Internet security due to the fact that P2P bots do not have a centralized point to shutdown or traceback, thus making the detection of P2P bots is a real challenge. In response to these threats, we present an algorithm to detect an individual P2P bot running on a system by correlating its activities. Our evaluation shows that correlating different activities generated by P2P bots within a specified time period can detect these kind of bots. IEEE 2010-03 Book Section PeerReviewed Al-Hammadi, Yousof and Aickelin, Uwe (2010) Behavioural correlation for detecting P2P bots. In: Second International Conference on Future Networks, 2010: ICFN '10. IEEE, pp. 323-327. ISBN 978-0-7695-3940-9 http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5431829 doi:10.1109/ICFN.2010.72 doi:10.1109/ICFN.2010.72 |
| spellingShingle | Al-Hammadi, Yousof Aickelin, Uwe Behavioural correlation for detecting P2P bots |
| title | Behavioural correlation for detecting P2P bots |
| title_full | Behavioural correlation for detecting P2P bots |
| title_fullStr | Behavioural correlation for detecting P2P bots |
| title_full_unstemmed | Behavioural correlation for detecting P2P bots |
| title_short | Behavioural correlation for detecting P2P bots |
| title_sort | behavioural correlation for detecting p2p bots |
| url | https://eprints.nottingham.ac.uk/1250/ https://eprints.nottingham.ac.uk/1250/ https://eprints.nottingham.ac.uk/1250/ |