Botnets are now recognized as one of the most serious security threats. In contrast to previous malware, botnets are characterized by a Command and Control (C&C) channel. Botnets also often use existing common protocols, e.g., IRC and HTTP, in protocol-conforming ways. This makes detecting botnet C&C a challenging problem. In this paper, the authors propose an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses. This detection approach can identify both the C&C servers and the infected hosts in the network.
- Format: PDF
- Size: 339.13 KB