Abstract:
We've worked on botnets detection by analyzing real web-server logs. The special software product has been created to generate a sample of IP addresses, ports, and login/password pairs from the log le, which contains unsuccessful authorizations reports. As the result, a map of potential botnets was compiled, besides the most dangerous passwords, and a blacklist of IP addresses was obtained.
Keywords:botnet detection, analysis of log les, web server.
Fulltext:
PDF file (1204 kB)