BotTracer: Execution-Based Bot-Like Malware Detection
Source: George Mason University
Bot-like malware poses an immense threat to computer security. Bot detection remains a challenging task because bot developers continuously adopt advanced techniques to make bots stealthier. A typical bot exhibits three invariant features during its onset: the startup of a bot is automatic, requiring no user action; a bot must establish a command and control channel with its botmaster; and a bot will, sooner or later, perform local or remote attacks. These invariants indicate three indispensable phases (startup, preparation, and attack) of a bot attack. This paper proposes BotTracer to detect these three phases with the assistance of virtual machine techniques.
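As an added illustration of the three-phase model (not BotTracer's own code), the correlator below tracks each process through startup, preparation and attack in that order, and flags only processes that pass all three; the event kinds, the mapping of kinds to phases and the sample events are constructed assumptions for this example.

```python
# Added example: correlate per-process events against the three bot phases
# (startup -> preparation -> attack). Event kinds below are assumptions for
# this example, not BotTracer's actual monitoring primitives.
from dataclasses import dataclass, field

PHASES = ("startup", "preparation", "attack")

# Assumed mapping from observed event kind to the phase it evidences.
PHASE_OF = {
    "autostart": "startup",       # launched with no user action (run key, service, ...)
    "c2_connect": "preparation",  # outbound channel to a remote controller
    "port_scan": "attack",        # local or remote attack behaviour
    "mass_mail": "attack",
}


@dataclass
class ProcState:
    reached: dict = field(default_factory=dict)  # phase -> timestamp first seen


def correlate(events):
    """Return pids whose events pass startup, preparation and attack in order.

    events: iterable of (timestamp, pid, kind) tuples.
    A phase is only credited once every earlier phase was already observed,
    so an attack without a preceding C&C channel, or a C&C channel from a
    user-launched process, does not complete the chain.
    """
    states = {}
    flagged = []
    for ts, pid, kind in sorted(events):
        phase = PHASE_OF.get(kind)
        if phase is None:
            continue  # events outside the model are ignored
        st = states.setdefault(pid, ProcState())
        idx = PHASES.index(phase)
        if phase not in st.reached and all(p in st.reached for p in PHASES[:idx]):
            st.reached[phase] = ts
        if len(st.reached) == len(PHASES) and pid not in flagged:
            flagged.append(pid)
    return flagged


# Constructed sample events: (timestamp, pid, kind).
SAMPLE_EVENTS = [
    (1, 100, "autostart"), (2, 100, "c2_connect"), (5, 100, "port_scan"),
    (1, 200, "user_launch"), (3, 200, "c2_connect"), (4, 200, "port_scan"),
    (2, 300, "autostart"), (6, 300, "port_scan"),  # attack with no C&C first
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))  # → [100]
```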