Journal: International Journal of Computer Technology and Applications
Electronic ISSN: 2229-6093
Publication year: 2013
Volume: 4
Issue: 5
Pages: 793-797
Publisher: Technopark Publications
Abstract: Botnets are one of the most dangerous threats on the Internet. A botnet [10] consists of a network of compromised computers that is controlled by a remote attacker (the botmaster). Botnets perform various attacks such as DDoS and click fraud attacks, and are also involved in the distribution of spam emails, key loggers, etc. Existing techniques for detecting bots include deploying honeypots, using signatures to detect various attacks, and monitoring network traffic for anomalies. The disadvantage of honeypot detection is that it captures and tracks activity only when the attacker interacts with the honeypot directly. Signature-based detection can detect only known attacks and needs its rules updated regularly. Network-based detection monitors network traffic, which involves deep packet inspection and requires high computing performance. To overcome the disadvantages of the existing solutions, a new Symptoms Based Detection and Removal of Bot Processes algorithm is proposed. The proposed algorithm provides a host-based solution that enables online bot process detection and removal. Detection is based on identifying illegitimate processes that use TCP connections. This involves observing the digital signature of the process, the installed program path, and the registry entries associated with the process. When tested on a bot-infected machine, the proposed solution was found to detect as well as remove the malicious bot processes.