Understanding IRC bot behaviors in network-centric attack detection and prevention framework

Gail-Joon Ahn, Napoleon Paxton, Kevin Pearson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Botnets are one of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. Also, botnets are a prevalent and continuously growing method for conducting distributed attacks and identity theft. These attacks can include email spamming, distributed denial of service, port scanning, remote exploitation of vulnerabilities, and self-propagation to expand the botnet's size. The botnets can be used to scan infected hosts' machines and log keystrokes for sensitive data such as credit card and banking information, then relay gathered information to the botmasters. We have witnessed that existing signature-based detection and protection methods are ineffective in dealing with unknown bots. For these situations, a more proactive approach must be taken to gather and analyze botnets. In this paper, we introduce a network-centric attack management framework to learn more information about the bots by identifying malicious characteristics through the network traffic. Based on our framework, this paper focuses on our analysis method of IRC bots using IRC monitoring tool called IRC Sandman that observes IRC traffic and automatically downloads secondary injections from a command and control center. In addition, we briefly elaborate our findings and lessons learned.

Original languageEnglish (US)
Title of host publication3rd International Conference on Information Warfare and Security
PublisherAcademic Conferences Limited
Pages1-9
Number of pages9
StatePublished - 2008
Externally publishedYes
Event3rd International Conference on Information Warfare and Security, ICIW 2008 - Omaha, NE, United States
Duration: Apr 24 2008Apr 25 2008

Other

Other3rd International Conference on Information Warfare and Security, ICIW 2008
CountryUnited States
CityOmaha, NE
Period4/24/084/25/08

Keywords

  • Botnets
  • IRC bot
  • Network-centric attack

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Understanding IRC bot behaviors in network-centric attack detection and prevention framework'. Together they form a unique fingerprint.

  • Cite this

    Ahn, G-J., Paxton, N., & Pearson, K. (2008). Understanding IRC bot behaviors in network-centric attack detection and prevention framework. In 3rd International Conference on Information Warfare and Security (pp. 1-9). Academic Conferences Limited.