Volume 2 Number 6 (Dec. 2010)
IJCEE 2010 Vol.2 (6): 1029-1038 ISSN: 1793-8163
DOI: 10.7763/IJCEE.2010.V2.271

New Approach for Detection of IRC and P2P Botnets

Hossein Rouhani Zeidanloo, Farhoud Hosseinpour, and Farhood Farid Etemad

Abstract—Botnets are among the most widespread and common elements of today's cyber attacks, posing serious threats to network assets and organizations' property. A botnet is a collection of compromised computers (bots) remotely controlled by its originator (the BotMaster) under a common Command-and-Control (C&C) infrastructure. In this paper, we propose a new general detection framework which currently focuses on P2P-based and IRC-based botnets. Since the Artificial Immune System (AIS) is a new bio-inspired model that has been applied to various problems in the field of information security, we use this concept in our proposed framework to make it more efficient. The P2P part of our framework is based on the definition of a botnet: a group of bots that perform similar communication and malicious activity patterns within the same botnet. We use AIS to effectively detect malicious activities in the P2P part. The IRC part of our framework is based on calculating the Delay Time (Td), which is the time between sending the IRC NICK command and the IRC JOIN command. What distinguishes our proposed detection framework from many similar works is that it needs no prior knowledge of botnets, such as a botnet signature.

Index Terms—AIS; Botnet; Bot; IRC; P2P

Hossein Rouhani Zeidanloo, Farhoud Hosseinpour and Farhood Farid Etemad, Faculty of Computer Science and Information System, University of Technology Malaysia (UTM), Kuala Lumpur, Malaysia (Email: H_Rouhani@hotmail.com, F.Hosseinpour@gmail.com, Fa.Faridetemad@gmail.com).

Cite: Hossein Rouhani Zeidanloo, Farhoud Hosseinpour and Farhood Farid Etemad, "New Approach for Detection of IRC and P2P Botnets," International Journal of Computer and Electrical Engineering vol. 2, no. 6, pp. 1029-1038, 2010.
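
The Delay Time (Td) named in the abstract can be computed from captured client-side IRC lines as in the following added example, which is not code from the paper. The record format, the choice of the first NICK and first JOIN per connection, and the `cutoff` parameter are assumptions; the abstract does not state how Td is evaluated.

```python
# Constructed sample records (not from the paper): (time in s, client connection, raw IRC line).
SAMPLE = [
    (100.00, "10.0.0.5:49152", "NICK xk3j9a"),
    (100.01, "10.0.0.5:49152", "USER xk3j9a 0 * :xk3j9a"),
    (243.50, "10.0.0.7:50211", "JOIN #linux"),        # logged out of order
    (100.35, "10.0.0.5:49152", "join #chan1 key"),    # IRC commands are case-insensitive
    (200.00, "10.0.0.7:50211", "NICK alice"),
    (201.00, "10.0.0.7:50211", "NICK alice_"),        # retry after a nickname collision
    (243.90, "10.0.0.7:50211", "JOIN #python"),
    (300.00, "10.0.0.9:51000", "NICK idle"),          # registers but never joins
    (150.00, "10.0.0.11:40000", "JOIN #early"),       # JOIN with no NICK seen: ignored
]


def irc_command(line):
    """Return the upper-cased command of a raw IRC line, skipping an optional ':prefix'."""
    parts = line.strip().split()
    if parts and parts[0].startswith(":"):
        parts = parts[1:]
    return parts[0].upper() if parts else ""


def delay_times(records):
    """Map each connection to Td = t(first JOIN) - t(first NICK), in seconds.

    Assumption: Td is measured from the first NICK of a connection to the first
    JOIN that follows it. A connection that never joins maps to None.
    """
    nick_at, td = {}, {}
    for ts, conn, line in sorted(records):  # order by timestamp before pairing
        cmd = irc_command(line)
        if cmd == "NICK" and conn not in nick_at:
            nick_at[conn] = ts
            td[conn] = None
        elif cmd == "JOIN" and conn in nick_at and td[conn] is None:
            td[conn] = round(ts - nick_at[conn], 3)
    return td


def automated_looking(td, cutoff=1.0):
    """Connections whose Td is at or below a hypothetical cutoff (an assumption, not the paper's rule)."""
    return sorted(c for c, d in td.items() if d is not None and d <= cutoff)


if __name__ == "__main__":
    for conn, d in delay_times(SAMPLE).items():
        print(conn, "Td =", d)
    print("short Td:", automated_looking(delay_times(SAMPLE)))
```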
