Botnets, large international networks of infected computers (so-called bots), play a central part in the digital underground economy, providing the infrastructure required for a multitude of malicious activities. To ensure a botnet keeps running, the botnet owner utilizes specialized technologies to send control messages to his bots, while keeping resilience against take down and stealth agains...

Botnet is widely used in cyber-attacks and becomes a serious threat to network security. Existing approaches can detect botnet effectively in certain environments, however problems still exist in using host or network detection approaches respectively, such as robustness in detection tools, difficulties in global deployment and low precision rate. To solve the above problems, a novel detection ...

Botnets are security threat now days, since they tend to perform serious internet attacks in vast area through the compromised group of infected machines. The presence of command and control mechanism in botnet structure makes them stronger than traditional attacks. Over course of the time botnet developer have switched to more advanced mechanism to evade each of which new detection methods and...

It’s increasingly difficult to detect botnets since the introduction of P2P communication. The flow characteristics and behaviors can be easily hidden if an attacker exploits the common P2P applications’ protocol to build the network and communicate. In this paper, we analyze two potential command and control mechanisms for Parasite P2P Botnet, we then identify the quasi periodical pattern of t...

The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has gro...

Botnets have emerged as one of the biggest threats to internet security in the recent years. They have confounded security researchers because of their mobile and secretive behavior. A Botnet is a network of zombie machines remotely controlled by a command server or a Botmaster. These compromised host machines may be used for sending spam, launching DOS attacks, spying or stealing information. ...

We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in c...

A “botnet” is a network of compromised computers (bots) that are controlled by an attacker (botmasters). Botnets are one of the most serious threats to today’s Internet; they are the root cause of many current Internet attacks, such as email spam, distributed denial of service (DDoS) attacks , click fraud, etc. There have been many researches on how to detect, monitor, and defend against botnet...

A new approach for the botnet detection based on multi-agent system is proposed. The structure and main principles of antiviral agents’ functioning within multi-agent system is developed. The principles of communication between the agent’s units before and after attack on the computer system were developed. Software for realisation of antivirus multi-agent system on proposed techniques was deve...