BotCop: An Online Botnet Traffic Classifier

Date Added: Jul 2009
Format: PDF

Over the past few years botnets have differentiated themselves as the main source of malicious activities such as Distributed-Denial-of-Service (DDoS) attacks, phishing, spamming, key-logging, click fraud, identity theft and information exfiltration. Like other malicious software, botnets use a self-propagating application to infect vulnerable hosts. They, however, take advantage of a Command and Control (C&C) channel through which they can be updated and directed. Based on their C&C model, botnets are divided into two groups: centralized (e.g., IRC and HTTP) and distributed (e.g., P2P). Centralized botnets employ two mechanisms to receive commands from the server, namely push and pull.