In the crimeware world, financial botnets are a global threat to banking organizations. Such malware purposely performs financial fraud and steals critical information from clients’ computers. A common example of banking malware is the ZeuS botnet. Recently, variants of this malware have targeted mobile platforms, as The-ZeuS-in-the-Mobile or Zitmo. With the rise in mobile systems, platform sec...

We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in c...

In August 2013, the Tor network experienced a sudden, drastic reduction in performance due to the Mevade/Sefnit botnet. This botnet ran its command and control server as a Tor hidden service, so that all infected nodes contacted the command and control through Tor. In this paper, we consider several protocol changes to protect Tor against future incidents of this nature, describing the research...

Nowadays decentralized botnets pose a great threat to Internet. They evolve new features such as P2P Command and Control(C&C), which makes traditional detection methods no longer effective for indicating the existence of the bots. In this paper, based on several of the new P2P botnet characteristic properties, we propose a novel real-time detecting model – MSFM (Multi-Stream Fused Model). MSFM ...

Recently, botnets utilizing peer-to-peer style communication infrastructures have been discovered, requiring new approaches to detection and monitoring techniques. Current detection methods analyze network communication patterns, identifying systems that may have been recruited into the botnet. This paper presents a localized botnet communication model that enables a portion of compromised syst...

A new approach for the botnet detection based on multi-agent system is proposed. The structure and main principles of antiviral agents’ functioning within multi-agent system is developed. The principles of communication between the agent’s units before and after attack on the computer system were developed. Software for realisation of antivirus multi-agent system on proposed techniques was deve...

This report mainly discusses the adaptability of the IRC-based Bot detection method to be used in the P2P-based Bot detection. The first section introduces the IRC-based bot and the newly appeared P2P-based bot to see their difference. The second section shows the related work and the traditional method of BOTNET detection. The third section discusses the methodology used by the IRC based Botne...

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii