
Detection of botnets mounted on the Session Initiation Protocol

Date created
2011-03-23
Authors/Contributors
Abstract
A botnet is a group of compromised computers (called bots) controlled by remote attackers to distribute spam emails, launch denial of service attacks, and perform other malicious activities. Botnets can be deployed on top of different protocols, such as Internet Relay Chat (IRC), the Hypertext Transfer Protocol (HTTP), and the Session Initiation Protocol (SIP). SIP is widely used to initiate voice over IP, and it has recently been adopted by the telecommunications standards bodies as the signaling protocol for mobile telecommunication core networks. Such adoption will introduce a huge number of potential devices to botnets. Therefore, botnets deployed over SIP present a serious threat to the Internet. We propose a novel approach to detect SIP botnets by looking for users who behave in similar and coordinated patterns. We show through extensive experimental evaluations that the proposed approach achieves low false positive and false negative rates.
Document
Identifier
etd6482
Copyright statement
Copyright is held by the author.
Permissions
The author granted permission for the file to be printed and for the text to be copied and pasted.
Scholarly level
Member of collection
Download file Size
etd6482_MAlkurbi.pdf 754.18 KB
