Abstract:Ensuring the security of computers and their associated networks is a non-trivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a 'bot' - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the 'botmaster of a botnet'. In this work, we use the biologically inspired Dendritic Cell Algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single bot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs. I. INTRODUCTION Computer systems and networks come under frequent attack from a diverse set of malicious programs and activity. Computer viruses posed a large problem in the late 1980's and computer worms were problematic in the 1990s through to the early 21st Century. While the detection of such worms and viruses is improving a new threat has emerged in the form of the botnet. Botnets are decentralised, distributed networks of subverted machines, controlled by a central commander, affectionately termed the 'botmaster'. A single bot is a malicious piece of software which, when installed on an unsuspecting host, transforms host into a zombie machine. Bots can install themselves on host machines through sev- eral different mechanisms, with common methods including direct download from the internet, through malicious files received as emails or via the exploitation of bugs present in internet browsing software (15). Bots typically exploit traditional networking protocols for the communication component of their 'command and control' structure. Such variants of bots IRC (Internet Relay Chat) bots, HTTP bots and more recently Peer-to-Peer bots. In this research we are primarily interested in the detection of IRC bots as they appear to be highly prevalent within the botnet community, and seemingly little research has been performed within this area of computer security. IRC is a chat based protocol consisting of various 'channels' to which a user of the IRC network can connect. Upon infection

DCA for bot detection

DCA for Bot Detection

Performance Evaluation of DCA and SRC on a Single Bot Detection

Efficient Detect Scheme of Botnet Command and Control Communication.

Deterministic Dendritic Cell Algorithm for Online Detection of Botnet

An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets

Detecting Danger: The Dendritic Cell Algorithm

Detecting bot-infected machines based on analyzing the similar periodic DNS queries

Detecting Dga-Based Botnet with Dns Traffic Analysis in Monitored Network

Detecting Bots Based on Keylogging Activities

A Novel Irc Botnet Detection Method Based On Packet Size Sequence

Detecting Botnets Through Log Correlation

Identifying bot infection using neural networks on DNS traffic

DeepC2: AI-powered Covert Botnet Command and Control on OSNs.

An Effective Conversation-Based Botnet Detection Method

Diving Deep With BotLab-DS1: A Novel Ground Truth-Empowered Botnet Dataset

BotDetector: a System for Identifying DGA-based Botnet with CNN-LSTM

Behavioural Correlation for Detecting P2P Bots

Detecting Domain-Flux Botnet Based On Dns Traffic Features In Managed Network

Machine Learning-Based Botnet Detection in Software-Defined Network: A Systematic Review

Botnet Detection Technology Based On Dns