DCA for Bot Detection

10 Pages Posted: 26 Aug 2016


Yousof Al-Hammadi

Khalifa University

Uwe Aickelin

University of Melbourne - School of Computing and Information Systems

Julie Greensmith

University of Nottingham - School of Computer Science

Date Written: January 1, 2008

Abstract

Ensuring the security of computers is a nontrivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a ‘bot’, a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the ‘botmaster’ of a botnet. In this work, we use the biologically inspired Dendritic Cell Algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. Anomaly detection in the DCA is based on the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of applying the DCA to the detection of a single bot show that the algorithm is a successful technique for detecting such malicious software without responding to normally running programs.

Suggested Citation

Al-Hammadi, Yousof and Aickelin, Uwe and Greensmith, Julie, DCA for Bot Detection (January 1, 2008). Available at SSRN: https://ssrn.com/abstract=2830396 or http://dx.doi.org/10.2139/ssrn.2830396

Yousof Al-Hammadi

Khalifa University

Abu Dhabi
United Arab Emirates

Uwe Aickelin (Contact Author)

University of Melbourne - School of Computing and Information Systems

Australia

Julie Greensmith

University of Nottingham - School of Computer Science

Jubilee Campus
Wollaton Road
Nottingham, NG8 1BB
United Kingdom
