Hackers of India

Botnet Detection approach by DNS behavior and clustering analysis

By Nilesh Sharma and Pulkit Mehndiratta on 15 Feb 2011 @ Nullcon


Presentation Material

nullcon 2011 - Botnet Detection approach by DNS behavior and clustering analysis from n|u - The Open Security Community

Abstract

Botnets are one of the most serious threats to internet security. A botnet is a network of computers on the internet that are under the control of malware, without the knowledge of the computers' owners, and that send out transmissions (viruses or spam) to other computers on the internet. Botnets can be used for DoS attacks, phishing, spamming and many other fraudulent activities. Therefore, it is important to detect them. In this paper we describe a strategy for botnet detection based on detecting the fast-flux characteristics of a botnet. In fast flux, the bot-master's DNS rotates a domain across many different IP addresses so that nobody can determine the actual physical location of the botnet's server. Thus, in our approach we apply K-means clustering to DNS data to detect fast flux, together with other heuristics that are common to botnets.
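To make the abstract's idea concrete, here is a small, self-contained illustration of K-means clustering over per-domain DNS features. It is an added example written for this page, not the authors' code from the talk or paper. The feature set (mean TTL, number of distinct A records, number of distinct /16 prefixes among them) and the deterministic farthest-point initialisation are my assumptions about what a fast-flux detector would look at; the DNS observations are constructed sample data, not real lookups.

```python
"""
Toy fast-flux detection: cluster domains by DNS behaviour with K-means (k=2)
and label the cluster with the most distinct IPs as fast-flux-like.
Added example for the abstract above; the features below are assumptions.
"""
import math
from collections import defaultdict

# Constructed observations: (queried domain, answered A record, TTL in seconds).
# Normal domains answer with one or two stable hosts and long TTLs; the two
# flux-like domains answer with many unrelated hosts and short TTLs.
OBSERVATIONS = [
    ("shop.example", "198.51.100.10", 3600),
    ("shop.example", "198.51.100.10", 3600),
    ("shop.example", "198.51.100.11", 3600),
    ("mail.example", "203.0.113.5", 7200),
    ("mail.example", "203.0.113.5", 7200),
    ("cdn.example", "192.0.2.1", 600),
    ("cdn.example", "192.0.2.2", 600),
    ("wiki.example", "198.51.100.40", 3600),
    ("ff1.example", "10.1.2.3", 180),
    ("ff1.example", "10.77.5.9", 180),
    ("ff1.example", "172.16.4.4", 120),
    ("ff1.example", "192.168.9.1", 120),
    ("ff1.example", "10.200.1.1", 180),
    ("ff2.example", "10.3.3.3", 60),
    ("ff2.example", "10.90.8.8", 60),
    ("ff2.example", "172.20.1.7", 60),
    ("ff2.example", "192.168.55.2", 60),
    ("ff2.example", "10.44.0.9", 60),
    ("ff2.example", "10.44.0.10", 60),
]


def prefix16(ip):
    """First two octets of a dotted IPv4 address (a crude 'network' proxy)."""
    a, b, _, _ = ip.split(".")
    return f"{a}.{b}"


def extract_features(observations):
    """Per domain: [mean TTL, distinct A records, distinct /16 prefixes]."""
    ttls, ips = defaultdict(list), defaultdict(set)
    for domain, ip, ttl in observations:
        ttls[domain].append(ttl)
        ips[domain].add(ip)
    return {
        d: [sum(ttls[d]) / len(ttls[d]), len(ips[d]),
            len({prefix16(ip) for ip in ips[d]})]
        for d in ttls
    }


def zscore(vectors):
    """Standardise each feature column so TTL seconds do not dominate."""
    dims = len(next(iter(vectors.values())))
    cols = [[v[i] for v in vectors.values()] for i in range(dims)]
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return {d: [(v[i] - means[i]) / stds[i] for i in range(dims)]
            for d, v in vectors.items()}


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=2, iters=100):
    """Plain Lloyd's K-means with deterministic farthest-point initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    labels = []
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            new.append([sum(m[i] for m in members) / len(members)
                        for i in range(len(points[0]))] if members else centroids[j])
        if new == centroids:
            break
        centroids = new
    return labels, centroids


def classify(observations):
    """Map each domain to 'fast-flux-like' or 'normal' via 2-means clustering."""
    norm = zscore(extract_features(observations))
    domains = list(norm)
    labels, centroids = kmeans([norm[d] for d in domains])
    # The cluster whose centroid has the larger distinct-IP score is the flux one.
    flux = max(range(len(centroids)), key=lambda j: centroids[j][1])
    return {d: ("fast-flux-like" if lab == flux else "normal")
            for d, lab in zip(domains, labels)}


if __name__ == "__main__":
    for domain, verdict in classify(OBSERVATIONS).items():
        print(f"{domain:14s} {verdict}")
```

In practice the unsupervised split only tells you which domains behave unlike the rest of the traffic; a short TTL with many diverse A records is also how legitimate CDNs look, so the flux-like cluster is a triage queue to be checked against the additional heuristics the abstract mentions, not a block list.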