A Framework on botnet detection and forensics
Harvinder Singh, Anchit Bijalwan
DOI: http://dx.doi.org/10.15439/2017R28
Citation: Proceedings of the Second International Conference on Research in Intelligent and Computing in Engineering, Vijender Kumar Solanki, Vijay Bhasker Semwal, Rubén González Crespo, Vishwanath Bijalwan (eds). ACSIS, Vol. 10, pages 93–101 (2017)
Abstract. Internet use on both the domestic and the corporate front has been growing at a drastic rate, and every organisation and enterprise exploits it to the fullest extent its requirements allow. In almost all areas the Internet has proved to be a boon, but it also lands users in trouble through unwanted and uninvited harmful software. Of the many threats and challenges that Internet users face, botnets occupy the top position, and for that reason they are a rising area of research. A botnet operates as a coordinated or synchronised activity in which many bots collectively perform a malicious task. What sets a botnet apart from other forms of malware is that it compromises computers or smartphones in order to set up a link with a command and control (C&C) server operated by the bot controller, so the infected machines act on the controller's orders rather than in isolation. Because of the massive number of compromised machines that participate, the losses caused by a botnet attack are immense and hard to measure. As a result, researchers are showing keen interest in botnets, and the number of studies in this field has gone up at a tremendous rate over the past 5 to 10 years. The present paper proposes a framework that systematically identifies the presence of a malicious bot, prevents it from spreading further, and carries out its forensic investigation.
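The defining property the abstract relies on, several compromised hosts maintaining a synchronised link to one C&C endpoint, is what a network-side detector can look for. The Python below is an added illustration written for this page; it is not the framework the paper proposes and does not reproduce its method. It runs over constructed NetFlow-style records (addresses from the RFC 5737 documentation ranges, timing invented), flags an external endpoint that multiple internal hosts contact at near-constant intervals, emits hypothetical iptables rules to cut those hosts off from the endpoint, and preserves the underlying flow records for forensic review. The threshold names `max_cv` and `min_hosts`, and the rule format, are assumptions of the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample NetFlow-style records: (src, dst, dport, timestamp_seconds).
# Three internal hosts beacon to the same external endpoint roughly every 60 s;
# a fourth host talks to an unrelated site at irregular intervals and touches the
# suspect endpoint only once. The pattern is invented for this example.
SAMPLE_FLOWS = [
    *[("10.0.0.5", "203.0.113.10", 443, t) for t in (0, 60, 121, 180, 241)],
    *[("10.0.0.6", "203.0.113.10", 443, t) for t in (10, 70, 130, 191, 250)],
    *[("10.0.0.7", "203.0.113.10", 443, t) for t in (3, 64, 123, 184, 244)],
    *[("10.0.0.8", "198.51.100.20", 443, t) for t in (5, 40, 400, 410, 900)],
    ("10.0.0.8", "203.0.113.10", 443, 500),  # single contact: too few flows to judge
]


def beacon_score(timestamps, min_flows=3):
    """Return (mean_period, coefficient_of_variation) of the inter-arrival gaps
    for one host/endpoint pair, or None when there are too few flows to judge
    periodicity. A low coefficient of variation means near-constant spacing."""
    ts = sorted(timestamps)
    if len(ts) < min_flows:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    period = mean(gaps)
    if period <= 0:
        return None
    return period, pstdev(gaps) / period


def find_coordinated_cc(flows, max_cv=0.1, min_hosts=2):
    """Group flows by external endpoint and report endpoints that at least
    min_hosts internal hosts contact with near-constant periodicity, i.e. the
    synchronised C&C behaviour that distinguishes a botnet from lone malware."""
    by_endpoint = defaultdict(lambda: defaultdict(list))
    for src, dst, dport, ts in flows:
        by_endpoint[(dst, dport)][src].append(ts)

    findings = []
    for (dst, dport), per_host in by_endpoint.items():
        beaconing = {}
        for src, ts in per_host.items():
            score = beacon_score(ts)
            if score is not None and score[1] <= max_cv:
                beaconing[src] = score[0]
        if len(beaconing) >= min_hosts:
            findings.append({
                "dst": dst,
                "dport": dport,
                "hosts": sorted(beaconing),
                "period": mean(beaconing.values()),
            })
    return findings


def containment_rules(findings):
    """Hypothetical iptables rules that drop traffic from the network to the
    suspected C&C endpoint, so the bots can no longer receive new orders."""
    return [
        f"iptables -A FORWARD -d {f['dst']} -p tcp --dport {f['dport']} -j DROP"
        for f in findings
    ]


def evidence_flows(flows, finding):
    """Select the raw flow records behind a finding so they can be preserved
    as forensic evidence before any containment changes the traffic."""
    return [
        fl for fl in flows
        if fl[1] == finding["dst"] and fl[2] == finding["dport"] and fl[0] in finding["hosts"]
    ]


if __name__ == "__main__":
    findings = find_coordinated_cc(SAMPLE_FLOWS)
    for f in findings:
        print(f"C&C candidate {f['dst']}:{f['dport']} period~{f['period']:.1f}s hosts={f['hosts']}")
        print("evidence records preserved:", len(evidence_flows(SAMPLE_FLOWS, f)))
    for rule in containment_rules(findings):
        print(rule)
```

The order of the three steps matters in practice: collect the evidence records first, then apply the containment rule, because blocking the endpoint alters the very traffic the investigation needs. A single host with a low-jitter timer could be a legitimate updater, which is why the example only reports an endpoint once several hosts beacon to it.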