BOTNET DETECTION FROM DRIVE-BY DOWNLOADS
Abstract
Advances in information technology have been matched by advances in the development and deployment of malware. Bot malware in particular has caused severe compromises of computer security. Attackers have devised various ways of deploying such bots, and the bots are becoming stealthier and more evasive by the day. Detecting them has proven difficult even though various detection techniques exist. In this work, a packet capturing and analysis technique for detecting host-based bots from their characteristics and behavior is proposed. The system first captures network traffic to establish a baseline of normal traffic; previously captured botnet traffic is then used to test the system. The system filters out HTTP packets and analyses them to separate botnet traffic from normal Internet traffic. The system was able to detect malicious packets with a False Positive Rate of 0.2 and an accuracy of 99.91%.
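The pipeline the abstract outlines (capture traffic, keep only HTTP packets, score each host's behaviour, then measure accuracy and false positive rate against labelled traffic) is shown below as an added example; it is not the paper's code, and the paper does not publish its feature set. The packets are constructed in-line as tuples rather than read from a pcap, and the two behavioural features used here (clockwork inter-request timing and a single repeated request path) are assumptions chosen for illustration. The last host deliberately shows a benign auto-refreshing page that such features mistake for a bot, which is exactly the kind of traffic that drives a false positive rate.

```python
"""Added example (not the paper's code): filter HTTP packets from captured
traffic, score each source host on simple behavioural features, and compute
accuracy and false positive rate against ground-truth labels.

Assumptions: packets are (timestamp_s, src_host, dst_port, payload) tuples
(a real capture would be parsed with dpkt or scapy); the beaconing heuristics
are illustrative, not the paper's feature set.
"""
from collections import defaultdict
from statistics import mean, pstdev

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

# Constructed sample traffic: (timestamp_s, src_host, dst_port, payload)
SAMPLE_PACKETS = [
    # 10.0.0.5: ordinary browsing, irregular timing, varied paths
    (0.0, "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (7.3, "10.0.0.5", 80, b"GET /css/site.css HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (9.1, "10.0.0.5", 80, b"GET /img/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (30.4, "10.0.0.5", 80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (45.2, "10.0.0.5", 443, b"\x16\x03\x01\x00\x05"),  # TLS record, not HTTP
    # 10.0.0.7: bot-like check-ins, fixed 60 s period, same path every time
    (0.0, "10.0.0.7", 80, b"POST /gate.php HTTP/1.1\r\nHost: c2.test\r\n\r\n"),
    (60.0, "10.0.0.7", 80, b"POST /gate.php HTTP/1.1\r\nHost: c2.test\r\n\r\n"),
    (120.1, "10.0.0.7", 80, b"POST /gate.php HTTP/1.1\r\nHost: c2.test\r\n\r\n"),
    (180.0, "10.0.0.7", 80, b"POST /gate.php HTTP/1.1\r\nHost: c2.test\r\n\r\n"),
    (240.0, "10.0.0.7", 80, b"POST /gate.php HTTP/1.1\r\nHost: c2.test\r\n\r\n"),
    # 10.0.0.9: only two requests, too little evidence to judge
    (3.0, "10.0.0.9", 80, b"GET / HTTP/1.1\r\nHost: news.test\r\n\r\n"),
    (5.5, "10.0.0.9", 80, b"GET /a HTTP/1.1\r\nHost: news.test\r\n\r\n"),
    # 10.0.0.11: legitimate dashboard auto-refresh every 30 s (looks bot-like)
    (0.0, "10.0.0.11", 80, b"GET /status HTTP/1.1\r\nHost: intranet.test\r\n\r\n"),
    (30.0, "10.0.0.11", 80, b"GET /status HTTP/1.1\r\nHost: intranet.test\r\n\r\n"),
    (60.0, "10.0.0.11", 80, b"GET /status HTTP/1.1\r\nHost: intranet.test\r\n\r\n"),
    (90.0, "10.0.0.11", 80, b"GET /status HTTP/1.1\r\nHost: intranet.test\r\n\r\n"),
    (53.0, "10.0.0.11", 53, b"\x12\x34\x01\x00"),  # DNS query, not HTTP
]

# Constructed ground truth for the hosts above (1 = bot, 0 = benign)
GROUND_TRUTH = {"10.0.0.5": 0, "10.0.0.7": 1, "10.0.0.9": 0, "10.0.0.11": 0}


def filter_http(packets):
    """Keep only packets whose payload starts with an HTTP request line."""
    return [p for p in packets if p[3].startswith(HTTP_METHODS)]


def request_path(payload):
    """Return the request target from the first line of an HTTP request."""
    return payload.split(b"\r\n", 1)[0].split(b" ")[1].decode("ascii", "replace")


def host_features(http_packets):
    """Per source host: request count, distinct paths, and timing regularity."""
    by_host = defaultdict(list)
    for ts, src, _port, payload in http_packets:
        by_host[src].append((ts, request_path(payload)))
    feats = {}
    for host, reqs in by_host.items():
        reqs.sort()
        times = [t for t, _ in reqs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Coefficient of variation of inter-request gaps: near 0 means clockwork beaconing.
        gap_cv = None
        if len(gaps) >= 2 and mean(gaps) > 0:
            gap_cv = pstdev(gaps) / mean(gaps)
        feats[host] = {"count": len(reqs), "paths": {p for _, p in reqs}, "gap_cv": gap_cv}
    return feats


def classify(packets, min_requests=4, max_gap_cv=0.1):
    """Return the set of source hosts flagged as bot-like (assumed heuristics)."""
    flagged = set()
    for host, f in host_features(filter_http(packets)).items():
        regular = f["gap_cv"] is not None and f["gap_cv"] <= max_gap_cv
        if f["count"] >= min_requests and regular and len(f["paths"]) == 1:
            flagged.add(host)
    return flagged


def evaluate(flagged, labels):
    """Confusion counts, accuracy and false positive rate against labels."""
    tp = sum(1 for h, y in labels.items() if y == 1 and h in flagged)
    fp = sum(1 for h, y in labels.items() if y == 0 and h in flagged)
    tn = sum(1 for h, y in labels.items() if y == 0 and h not in flagged)
    fn = sum(1 for h, y in labels.items() if y == 1 and h not in flagged)
    accuracy = (tp + tn) / len(labels)
    fpr = fp / (fp + tn) if (fp + tn) else 0.0
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn, "accuracy": accuracy, "fpr": fpr}


if __name__ == "__main__":
    hits = classify(SAMPLE_PACKETS)
    print("flagged hosts:", sorted(hits))
    print(evaluate(hits, GROUND_TRUTH))
```

On this constructed capture the bot host is caught, but the auto-refreshing intranet page is flagged too, giving an accuracy of 0.75 and a false positive rate of one in three benign hosts. That is the trade-off behind any reported FPR: timing regularity alone cannot separate a check-in from a polling page, so a deployed detector needs further features (destination reputation, response sizes, user-agent consistency) or an allow-list of known periodic services before its alerts are actionable.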