A Botnet is a collection of computer hosts exploited by malicious software that is remotely controlled through a command and control channel. More new types of attacks are being invented based on Botnets. Because legitimate IRC (Internet Relay Chat) servers are used to command and control the bots, Botnets are hard to detect and remove. Flow information may keep the fingerprint of bots and can be used to identify IRC-based Botnets. The proposed method applies flow correlation to group the same activities of the same IRC-based bots. After flow correlation, the normal and abnormal IRC traces are identified by a scoring technique.