Automatic Discovery of Botnet Communities on Large-Scale Communication Networks

Botnets are networks of compromised computers infected with malicious code that can be controlled remotely under a common Command and Control (C&C) channel. Recognized as one the most serious security threats on current Internet infrastructure, advanced botnets are hidden not only in existing well known network applications (e.g. IRC, HTTP, or Peer-to-Peer) but also in some unknown or novel (creative) applications, which makes the botnet detection a challenging problem. Most current attempts for detecting botnets are to examine traffic content for bot signatures on selected network links or by setting up honeypots.