Abstract

Networked hosts' vulnerabilities pose some serious threats to the operation of computer networks. Modern at tacks are increasingly complex, and exploit many strategies in order to perform their intended malicious tasks. Attackers have developed the ability of controlling large sets of infected hosts, characterized by complex executable command sets, each taking part in cooperative and coordinated attacks. There are many ways to perform control on an army of possibly unaware infected hosts, and an example of such techniques is discussed in this paper. We will address the problem of detecting botnets, by introducing a network traffic analysis architecture, and describing a behavioral model, for a specific class of network users, capable of identifying botnet-related activities.