Detecting Botnets Through Log Correlation
Authors: Yousof Al-Hammadi; Uwe Aickelin
Abstract
Botnets, which consist of thousands of compromised machines, pose a significant threat to other systems by launching Distributed Denial of Service attacks, keylogging, and backdoors. In response to this threat, new effective techniques are needed to detect the presence of botnets. In this paper, we use an interception technique to monitor Windows Application Programming Interface system calls made by communication applications. Existing approaches to botnet detection are based on finding bot traffic patterns. Our approach does not depend on finding such patterns but instead monitors the change of behaviour in the system. In addition, we present our idea of detecting botnets based on log correlation across different hosts.
Citation
Al-Hammadi, Y., & Aickelin, U. Detecting Botnets Through Log Correlation. Presented at the Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006).
| Field | Value |
|---|---|
| Conference Name | Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006) |
| Deposit Date | Oct 17, 2007 |
| Peer Reviewed | Peer Reviewed |
| Public URL | https://nottingham-repository.worktribe.com/output/1018643 |
Files
- 06monam_bots.pdf (PDF, 110 Kb)