Detection of Bot Infected PCs Using Destination-Based IP and Domain Whitelists During a Non-Operating Term

Executive Summary

Spam e-mails and Distributed Denial of Service (DDoS) attacks have become critical issues for the Internet. These attacks are considered to be sent from bot-infected PCs. Because a bot communicates with a malicious controller over an encrypted channel and updates its code frequently, it is difficult to detect infected Personal Computers (PCs) using pattern-based Intrusion Detection Systems (IDSs) and AntiVirus systems (AVs). Because the bot process sends attack and control packets independently of user operation, a behavior monitor is effective for detecting anomalous communication.

  • Format: PDF
  • Size: 393.8 KB