Signature generation model for
botnet command and control channel

J4 ›› 2013, Vol. 35 ›› Issue (2): 62-67.

• 论文 • Previous Articles Next Articles

Signature generation model for botnet command and control channel

WANG Hailong1,2,TANG Yong2,GONG Zhenghu2

(1.China Electric Equipment and Systems Engineering Ltd.,Beijing 100039; 2.School of Computer Science,National University of Defense Technology,Changsha 410073,China)

Received:2011-03-17 Revised:2011-07-24 Online:2013-02-25 Published:2013-02-25

Abstract

Abstract:

The malicious activities such as distributed denial of service attack, spam sending, and sensitive information theft launched by botnet have been the serious threats to Internet security. Command and control channel is the only way for botnet to manipulate these malicious activities. With the features of relatively fixed command format and string in the command and control channel, a novel signature generation model is proposed based on the existing techniques of signature generation, which focuses on the edge network’s suspect traffics. Experiment results show that the proposed model can generate accurate signatures conforming to the command format. Furthermore, the intrusion detection rules generated from these signatures can be used to identify the zombies effectively.

Key words: botnet;network security;command and control channel;signature generation;intrusion detection

WANG Hailong1,2,TANG Yong2,GONG Zhenghu2. Signature generation model for botnet command and control channel[J]. J4, 2013, 35(2): 62-67.

Signature generation model for botnet command and control channel

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 0

Recommended Articles

Metrics

Comments