New detection of peer-to-peer controlled bots on the host
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Bait your hook: a novel detection technique for keyloggers
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
KLIMAX: profiling memory write patterns to detect keystroke-harvesting malware
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
NoisyKey: tolerating keyloggers via keystrokes hiding
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Bait a trap: introducing natural killer cells to artificial immune system for spyware detection
ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems
| Hi-index | 0.00 |
A bot is a piece of software that is usually installed on an infected machine without the user’s knowledge. A bot is controlled remotely by the attacker under a Command and Control structure. Recent statistics show that bots represent one of the fastest growing threats to our network by performing malicious activities such as email spamming or keylogging. However, few bot detection techniques have been developed to date. In this paper, we investigate a behavioural algorithm to detect a single bot that uses keylogging activity. Our approach involves the use of function calls analysis for the detection of the bot with a keylogging component. Correlation of the frequency of function calls made by the bot with other system signals during a specified time-window is performed to enhance the detection scheme. We perform a range of experiments with the spybot. Our results show that there is a high correlation between some function calls executed by this bot which indicates abnormal activity in our system.