Detecting Botnets Through Log Correlation

Add code
Jan 15, 2010
Yousof Al-Hammadi, Uwe Aickelin
Figure 1 for Detecting Botnets Through Log Correlation
Figure 2 for Detecting Botnets Through Log Correlation
Figure 3 for Detecting Botnets Through Log Correlation
Figure 4 for Detecting Botnets Through Log Correlation

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Botnets, which consist of thousands of compromised machines, can cause significant threats to other systems by launching Distributed Denial of Service (SSoS) attacks, keylogging, and backdoors. In response to these threats, new effective techniques are needed to detect the presence of botnets. In this paper, we have used an interception technique to monitor Windows Application Programming Interface (API) functions calls made by communication applications and store these calls with their arguments in log files. Our algorithm detects botnets based on monitoring abnormal activity by correlating the changes in log file sizes from different hosts.

* Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation (MonAM2006)  * 4 pages, 7 figures, Workshop on Monitoring, Attack Detection and Mitigation (MonAM2006)  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon