Detection and Classification of Different Botnet C&C Channels
Unlike other types of malware, botnets are characterized by their Command and Control (C&C) channels, through which a central authority, the botmaster, may use the infected computer to carry out malicious activities. Given the damage botnets are capable of causing, detection and mitigation of botnet threats are imperative. In this paper, the authors present a host-based method for detecting and distinguishing between different types of botnet infections based on their C&C styles, e.g., IRC-based, HTTP-based, or Peer-To-Peer (P2P) based. Their ability to detect and classify botnet C&C channels shows that there is an inherent similarity in C&C structures for different types of bots and that the network characteristics of botnet C&C traffic are inherently different from those of legitimate network traffic.
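To make the idea of distinguishing C&C styles by their network characteristics concrete, here is an added, illustrative example. It is not the authors' method or code from the paper: it summarises a host's outbound flows into a few coarse features (destination fan-out, protocol mix, destination ports, regularity of inter-arrival times) and applies hand-written rules to label the traffic as IRC-like, HTTP-beacon-like, P2P-like or benign. The flow records, feature names and thresholds are all constructed for this example.

```python
"""Toy host-based classifier of C&C channel style from per-host flow summaries.

Illustrative code added to this page; it is NOT the method from the paper
being summarised. Flow records and thresholds are constructed for the example.
"""
from collections import Counter
from statistics import mean, pstdev

IRC_PORTS = {6667, 6668, 6669}   # common IRC server ports
WEB_PORTS = {80, 443}            # plain and TLS HTTP


def _inter_arrival_cv(timestamps):
    """Coefficient of variation of the gaps between consecutive flow starts.
    Low values mean regular, timer-driven ("beaconing") traffic."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return float("inf")
    return pstdev(gaps) / mean(gaps)


def extract_features(flows):
    """Summarise one host's outbound flows into coarse features.
    Each flow is dict(ts=seconds, proto='tcp'|'udp', dst=str, dport=int, bytes=int)."""
    dsts = Counter(f["dst"] for f in flows)
    top_dst, top_count = dsts.most_common(1)[0]
    top_flows = [f for f in flows if f["dst"] == top_dst]
    n = len(flows)
    return {
        "n_flows": n,
        "n_dsts": len(dsts),
        "top_dst_share": top_count / n,
        "udp_share": sum(f["proto"] == "udp" for f in flows) / n,
        "irc_port_share": sum(f["dport"] in IRC_PORTS for f in flows) / n,
        "web_port_share": sum(f["dport"] in WEB_PORTS for f in flows) / n,
        "top_dst_cv": _inter_arrival_cv([f["ts"] for f in top_flows]),
        "avg_bytes": mean(f["bytes"] for f in flows),
    }


def classify(flows):
    """Rule-based labelling of C&C style. Thresholds are illustrative only."""
    if not flows:
        return "unknown"
    f = extract_features(flows)
    # P2P-like: many distinct peers, mostly UDP
    if f["n_dsts"] >= 20 and f["udp_share"] > 0.6:
        return "p2p"
    # IRC-like: one server, IRC ports, persistent small flows
    if f["irc_port_share"] > 0.8 and f["top_dst_share"] > 0.8:
        return "irc"
    # HTTP-beacon-like: timer-driven small requests to a single web host
    if (f["web_port_share"] > 0.8 and f["top_dst_share"] > 0.8
            and f["top_dst_cv"] < 0.1 and f["avg_bytes"] < 2000):
        return "http"
    return "benign"


# Constructed sample traffic for each style (documentation-range addresses).
def sample_http_beacon():
    # one small request every 60 s to the same host
    return [dict(ts=60.0 * i, proto="tcp", dst="203.0.113.10", dport=80, bytes=512)
            for i in range(30)]


def sample_irc():
    # persistent chatter with a single server on port 6667
    return [dict(ts=5.0 * i + (i % 3), proto="tcp", dst="198.51.100.7", dport=6667, bytes=120)
            for i in range(20)]


def sample_p2p():
    # many distinct peers, mostly UDP, small payloads
    return [dict(ts=1.7 * i, proto="udp" if i % 5 else "tcp",
                 dst=f"192.0.2.{i}", dport=40000 + i, bytes=90)
            for i in range(40)]


def sample_browsing():
    # irregular gaps, several hosts, large responses: ordinary web use
    gaps = [1, 12, 3, 45, 2, 7, 90, 4, 15, 1]
    hosts = ["198.51.100.20", "198.51.100.21", "198.51.100.22"]
    ts, flows = 0.0, []
    for i, g in enumerate(gaps):
        ts += g
        flows.append(dict(ts=ts, proto="tcp", dst=hosts[i % 3], dport=443, bytes=15000))
    return flows


if __name__ == "__main__":
    for name, fn in [("http", sample_http_beacon), ("irc", sample_irc),
                     ("p2p", sample_p2p), ("browsing", sample_browsing)]:
        print(f"{name:9s} -> {classify(fn())}")
```

The point of the example is the feature view rather than the specific thresholds: each C&C style leaves a different footprint in fan-out, protocol and timing, and ordinary browsing lands outside all three rules because its destinations and inter-arrival gaps are irregular. A production detector would replace the hand-written rules with a trained model and tune the thresholds against real traffic.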