Bot detection based on traffic analysis

Yuji Kugisaki; Yoshiaki Kasahara; Yoshiaki Hori; Kouichi Sakurai

doi:10.1109/IPC.2007.91

Bot detection based on traffic analysis

Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Citations (Scopus)

Abstract

Recently, botnet becomes a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

Original language	English
Title of host publication	Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Pages	303-306
Number of pages	4
DOIs	https://doi.org/10.1109/IPC.2007.91
Publication status	Published - 2007
Event	2007 International Conference on Intelligent Pervasive Computing, IPC 2007 - Jeju Island, Korea, Republic of Duration: Oct 11 2007 → Oct 13 2007

Publication series

Name	Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

Other

Other	2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Country/Territory	Korea, Republic of
City	Jeju Island
Period	10/11/07 → 10/13/07

All Science Journal Classification (ASJC) codes

Computer Science(all)
Computer Networks and Communications
Software

Access to Document

10.1109/IPC.2007.91

Cite this

Bot detection based on traffic analysis. / Kugisaki, Yuji; Kasahara, Yoshiaki; Hori, Yoshiaki et al.
Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007. 2007. p. 303-306 4438445 (Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kugisaki, Y, Kasahara, Y, Hori, Y & Sakurai, K 2007, Bot detection based on traffic analysis. in Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007., 4438445, Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007, pp. 303-306, 2007 International Conference on Intelligent Pervasive Computing, IPC 2007, Jeju Island, Korea, Republic of, 10/11/07. https://doi.org/10.1109/IPC.2007.91

@inproceedings{57e7c0bd88e940d79ff20fab599097ac,

title = "Bot detection based on traffic analysis",

abstract = "Recently, botnet becomes a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.",

author = "Yuji Kugisaki and Yoshiaki Kasahara and Yoshiaki Hori and Kouichi Sakurai",

year = "2007",

doi = "10.1109/IPC.2007.91",

language = "English",

isbn = "0769530060",

series = "Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007",

pages = "303--306",

booktitle = "Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007",

note = "2007 International Conference on Intelligent Pervasive Computing, IPC 2007 ; Conference date: 11-10-2007 Through 13-10-2007",

}

TY - GEN

T1 - Bot detection based on traffic analysis

AU - Kugisaki, Yuji

AU - Kasahara, Yoshiaki

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2007

Y1 - 2007

N2 - Recently, botnet becomes a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

AB - Recently, botnet becomes a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover, we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

UR - http://www.scopus.com/inward/record.url?scp=50249168251&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50249168251&partnerID=8YFLogxK

U2 - 10.1109/IPC.2007.91

DO - 10.1109/IPC.2007.91

M3 - Conference contribution

AN - SCOPUS:50249168251

SN - 0769530060

SN - 9780769530062

T3 - Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

SP - 303

EP - 306

BT - Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

T2 - 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

Y2 - 11 October 2007 through 13 October 2007

ER -

Bot detection based on traffic analysis

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this