Abstract
Botnet-based cyber attacks cause large-scale damage with increasingly intelligent tools, which has prompted varied research on bot detection. In this study, we developed a method of monitoring the behavior of host-based processes from the point at which a bot herder attempts to turn machines into zombie PCs, detecting the precursor symptoms of a cyber attack. As a measure for responding to bots at the end point, we designed an algorithm that identifies the characteristics of a botnet attempting to launch malicious behaviors by means of signature registration, which covers process, reputation, network traffic, packet and source analysis, together with a white list.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Song, Jg., Kim, J.h., Seo, D., Soh, W., Kim, S. (2010). Study of Host-Based Cyber Attack Precursor Symptom Detection Algorithm. In: Kim, Th., Vasilakos, T., Sakurai, K., Xiao, Y., Zhao, G., Ślęzak, D. (eds) Communication and Networking. FGCN 2010. Communications in Computer and Information Science, vol 120. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17604-3_32
DOI: https://doi.org/10.1007/978-3-642-17604-3_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17603-6
Online ISBN: 978-3-642-17604-3
eBook Packages: Computer Science (R0)