Hossein Rouhani Zeidanloo

A taxonomy of Botnet detection techniques

Among the diverse forms of malware, Botnet is the most widespread and serious threat which occurs commonly in todays cyber attacks. Botnets are collections of compromised computers which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (C&C) infrastructure. They provide a distributed platform for several illegal activities such as launching distributed denial of service (DDOS) attacks against critical targets, malware distribution, phishing, and click fraud. Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols (e.g., IRC, HTTP) and structures (e.g., centralized), and can become ineffective as Botnets change their structure and C&C techniques. The detection of Botnet has been a major research topic in recent years. Different techniques and approaches have been proposed for detection and tracking of Botnet. This survey classifies Botnet detection techniques into two approaches. One approach is based on setting up honeynets and another approach is based on Intrusion Detection System( IDS) which has been categorized into signature-based and anomaly-based detection techniques.

Botnet Command and Control Mechanisms

Botnet is most widespread and occurs commonly in todays cyber attacks, resulting in serious threats to our network assets and organizations properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (C & C) infrastructure. They are used to distribute commands to the Bots for malicious activities such as distributed denial-of-service (DDoS) attacks, sending large amount of SPAM and other nefarious purposes. Understanding the Botnet C & C channels is a critical component to precisely identify, detect, and mitigate the Botnets threats. Therefore, in this paper we provide a classification of Botnets C & C channels and evaluate well-known protocols (e.g. IRC, HTTP, and P2P) which are being used in each of them.

Botnet detection based on traffic monitoring

Botnet is most widespread and occurs commonly in todays cyber attacks, resulting in serious threats to our network assets and organizations properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (C&C) infrastructure. They are used to distribute commands to the Bots for malicious activities such as distributed denial-of-service (DDoS) attacks, spam and phishing. Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols (e.g., IRC,HTTP) and structures (e.g., centralized), and can become ineffective as Botnets change their structure and C&C techniques. In this paper, we proposed a new general detection framework. This proposed framework is based on finding similar communication patterns and behaviors among the group of hosts that are performing at least one malicious activity. The point that distinguishes our proposed detection framework from many other similar works is that there is no need for prior knowledge of Botnets such as Botnet signature.

Genetic substitution-based audio steganography for high capacity applications

A wide range of steganography techniques has been described in this paper. Beside the evaluation of embedding parameters for the existing techniques, two problems – weaknesses – of substitution techniques are investigated which if they could be solved, the large capacity – strength – of substitution techniques would be practical. Furthermore, a novel, principled approach to resolve the problems is presented. Using the proposed genetic concept, message bits are embedded into multiple, LSB layers, resulting in increased capacity.

Botnet detection based on common network behaviors by utilizing Artificial Immune System(AIS)

Botnet is most widespread and occurs commonly in todays cyber attacks, resulting in serious threats to our network assets and organizations properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (C&C) infrastructure. In this paper, we proposed a new general Botnet detection framework. Since Artificial Immune System (AIS) is a new bio-inspired model which is applied for solving various problems in the field of information security, we used this concept in our proposed framework to make it more efficient. Our framework is based on definition of Botnets. Botnet has been defined as a group of bots that perform similar communication and malicious activity patterns within the same Botnet. We utilized AIS to effectively detect malicious activities such as spam and port scanning in bot infected hosts.

Genetic Audio Watermarking

This paper presents a novel, principled approach to resolve the remained problems of substitution technique of audio watermarking. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. Substitution techniques have naturally high capacity, but two major problems, having low robustness and transparency, negate the advantage. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

Interpretative Key Management (IKM), A Novel Framework

Nowadays, we use cryptography keys to secure our communications. One of the common ways for securing data exchanging is via the use of symmetric keys to encipher transmitted data over network. Todays practices for managing keys face many issues in key generation, distribution, and revocation. In this paper we propose interpretative key management method which is simpler than the current practices. Eliminating the need for key storage, the need for key distribution, automatic key revocation, and unique key per session are the main features of the new proposed key management method. Deletion of some steps and replacing some others with new ones helped us to dominate many issues faced with common practices of key management.

New Approach for Detection of IRC and P2P Botnets

Botnet is most widespread and occurs commonly in todays cyber attacks, resulting in serious threats to our network assets and organizations properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Commond-and-Control (CC Botnet; Bot; IRC; P2P