Bot Detection

[Abstract]
Recently, botnet becomes a social problem due to the expansion of bot infection. It is important to implement an information system which detects bot-infected computers and alerts them. We focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server. We observed the actual traffic of some ports which were often used by IRC protocol. We examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

• 釘崎裕司，笠原義晃，堀良彰，櫻井幸一， “トラフィック解析に基づくボット検知手法”， 研究報告 コンピュータセキュリティ No2007-CSEC-037，2007年5月 Vol2007 No.48 pp57-62
• Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hoti, Kouichi Sakurai, "Bot Detection based on Traffic Analysis", IEEE Computer Society, The 2007 International Conference on Intelligent Pervasive Computing, pp303-306