Title: Detection and prevention of botnets and malware in an enterprise network

Authors: Manoj Rameshchandra Thakur; Divye Raj Khilnani; Kushagra Gupta; Sandeep Jain; Vineet Agarwal; Suneeta Sane; Sugata Sanyal; Prabhakar S. Dhekne

Addresses: Computer Science Department, Veermata Jijabai Technological Institute (VJTI), Mumbai, India; Computer Science Department, Veermata Jijabai Technological Institute (VJTI), Mumbai, India; Computer Science Department, Veermata Jijabai Technological Institute (VJTI), Mumbai, India; Computer Science Department, Veermata Jijabai Technological Institute (VJTI), Mumbai, India; Computer Science Department, Veermata Jijabai Technological Institute (VJTI), Mumbai, India; Computer Science Department, Veermata Jijabai Technological Institute (VJTI), Mumbai, India; Tata Institute of Fundamental Research, Mumbai, India; Bhabha Atomic Research Centre, Mumbai, India

Abstract: One of the most significant threats faced by enterprise networks is from bots. A bot is a program that acts as an agent for a user and runs automated tasks over the internet at a much higher rate than a human alone could. A collection of bots in a network, used for malicious purposes, is referred to as a botnet. The proposed approach detects and combats bots with a two-pronged strategy that combines a stand-alone algorithm and a network algorithm. The stand-alone algorithm runs independently on each node of the network, monitors the active processes on that node, and triggers the network algorithm when a suspicious process is identified. The network algorithm then analyses the conversations to and from the affected hosts to deduce the bot pattern and derive bot signatures, which the stand-alone algorithm subsequently uses to stop bot processes at their very onset.

Keywords: botnets; flow data; malware; two-pronged approach; DDoS; distributed denial of service; IRC bots; stand-alone algorithms; network algorithms; DTW; dynamic time warping; enterprise networks; bot patterns; bot signatures.
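The abstract says the network algorithm analyses per-host conversations to deduce a bot pattern, and the keywords list dynamic time warping (DTW). The paper's own formulation is not on this page; the following is an added example, not the authors' code, showing how DTW can score a host's connection-count time series against a stored beacon signature. The flow records, host and peer addresses (RFC 5737 documentation ranges), bin size, signature and the flagging threshold are all constructed assumptions for the example.

```python
"""Added example, not from the paper: DTW matching of a host's
conversation pattern against a bot pattern.

Assumptions (not from the page): flows are (timestamp_seconds, src, dst)
tuples, one per outbound connection; a pattern is the number of
connections to one peer per fixed time bin; the bot signature below is
a check-in every third bin; a DTW distance <= FLAG_THRESHOLD flags the
peer as bot-like.
"""

FLAG_THRESHOLD = 2.0

# Constructed signature: one check-in every 3 minutes over 12 one-minute bins.
BOT_SIGNATURE = [1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0]

# Constructed flow records. 10.0.0.11 beacons to 198.51.100.7 roughly every
# 3 minutes with jitter; 10.0.0.12 browses 203.0.113.5 in irregular bursts.
FLOWS = [
    (10, "10.0.0.11", "198.51.100.7"),
    (250, "10.0.0.11", "198.51.100.7"),
    (430, "10.0.0.11", "198.51.100.7"),
    (610, "10.0.0.11", "198.51.100.7"),
    (5, "10.0.0.12", "203.0.113.5"),
    (20, "10.0.0.12", "203.0.113.5"),
    (30, "10.0.0.12", "203.0.113.5"),
    (125, "10.0.0.12", "203.0.113.5"),
    (130, "10.0.0.12", "203.0.113.5"),
    (140, "10.0.0.12", "203.0.113.5"),
    (150, "10.0.0.12", "203.0.113.5"),
    (160, "10.0.0.12", "203.0.113.5"),
    (440, "10.0.0.12", "203.0.113.5"),
    (450, "10.0.0.12", "203.0.113.5"),
]


def dtw_distance(a, b):
    """Dynamic time warping distance between two numeric sequences with
    absolute difference as the local cost. The warping path may stretch
    or compress time, so a beacon whose phase or spacing drifts by a bin
    still matches the signature closely; a simple Euclidean distance on
    the raw bins would not."""
    n, m = len(a), len(b)
    inf = float("inf")
    cost = [[inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d = abs(a[i - 1] - b[j - 1])
            cost[i][j] = d + min(cost[i - 1][j],       # a advances
                                 cost[i][j - 1],       # b advances
                                 cost[i - 1][j - 1])   # both advance
    return cost[n][m]


def flow_series(flows, host, peer, bin_size, bins):
    """Connections from `host` to `peer` counted per time bin; flows
    outside the observation window are ignored."""
    series = [0] * bins
    for ts, src, dst in flows:
        if src == host and dst == peer:
            idx = int(ts // bin_size)
            if 0 <= idx < bins:
                series[idx] += 1
    return series


def score_host(flows, host, signature, bin_size=60, bins=12):
    """Map each peer the host talked to onto its DTW distance from the
    signature; lower means the conversation looks more like the bot."""
    peers = {dst for _, src, dst in flows if src == host}
    return {
        peer: dtw_distance(flow_series(flows, host, peer, bin_size, bins), signature)
        for peer in peers
    }


def suspicious_peers(flows, host, signature, threshold=FLAG_THRESHOLD):
    """Peers whose conversation pattern is within `threshold` of the
    signature, sorted by distance (the candidates worth escalating)."""
    scores = score_host(flows, host, signature)
    return sorted((p for p, d in scores.items() if d <= threshold), key=scores.get)


if __name__ == "__main__":
    for host in ("10.0.0.11", "10.0.0.12"):
        print(host, score_host(FLOWS, host, BOT_SIGNATURE),
              "flagged:", suspicious_peers(FLOWS, host, BOT_SIGNATURE))
```

In this data the beaconing host's series is a phase-shifted copy of the signature, so DTW scores it at distance 0 while the bursty browsing host scores 8; the threshold separating the two is an assumption that a real deployment would have to tune against its own flow data, since many benign agents (update checkers, monitoring probes) are also periodic.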

DOI: 10.1504/IJWMC.2012.046776

International Journal of Wireless and Mobile Computing, 2012 Vol.5 No.2, pp.144 - 153

Received: 21 Nov 2011
Accepted: 01 Dec 2011

Published online: 07 May 2012
