
Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 50))


Abstract

This paper proposes a framework for bot detection and botnet tracking. The proposed system uses a distributed network of honeynets to capture malware samples. The captured samples are classified as bot or not-bot by a machine-learned model whose feature set is the Native API call sequences generated during malware execution. The samples identified as bots are clustered on their network-level and system-level features; each resulting cluster represents a botnet family. The bot samples belonging to these clusters are executed regularly in a sandbox environment to track the botnets.




Correspondence to Saurabh Chamotra.


© 2016 Springer International Publishing Switzerland


Cite this paper

Chamotra, S., Sehgal, R.K., Ror, S. (2016). Bot Detection and Botnet Tracking in Honeynet Context. In: Satapathy, S., Das, S. (eds) Proceedings of First International Conference on Information and Communication Technology for Intelligent Systems: Volume 1. Smart Innovation, Systems and Technologies, vol 50. Springer, Cham. https://doi.org/10.1007/978-3-319-30933-0_56


  • DOI: https://doi.org/10.1007/978-3-319-30933-0_56


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30932-3

  • Online ISBN: 978-3-319-30933-0

