Faktor Exacta
Vol 12, No 2 (2019)

Examining Malicious Internet Relay Chat (IRC) Network Traffic to Identify “Plague” Botnet Communication

Suryo Bramasto (Program Studi Informatika, Institut Teknologi Indonesia)



Article Info

Publish Date
30 Jul 2019

Abstract

The research presented in this article aims to identify the communication pattern of the “plague” botnet, using the Wireshark packet analyzer as a proof of concept (PoC) for analyzing the unique communication pattern between an infected host and the botnet. The research was conducted on a public IRC (Internet Relay Chat) network, specifically on a domain opened for botnet research, irc.accesox.net. COMODO Internet Security was also used to examine the files downloaded by the botnet and determine whether they contained malware. The observation covers 60 captured packets, whose TCP stream excerpt and protocol hierarchy statistics were then analyzed. From this analysis, the communication pattern between the bot, the botmaster, and the infected host was determined. Wireshark can show the data inside the TCP stream excerpt and all captured protocols. The analysis of the TCP stream excerpt and protocol hierarchy statistics is based on RFC 2812 (Internet Relay Chat: Client Protocol – IETF Tools). It yields botnet activity information for the next step of botnet attack analysis, which is building a dataset and a prediction model. The prediction model can then be used to predict whether network traffic is safe or harmful.

Keywords: botnet, COMODO Internet Security, Internet Relay Chat (IRC), RFC 2812, Wireshark

Copyrights © 2019






Journal Info

Abbrev

Faktor_Exacta

Publisher

Subject

Civil Engineering, Building, Construction & Architecture; Computer Science & IT; Control & Systems Engineering; Electrical & Electronics Engineering; Industrial & Manufacturing Engineering

Description

Faktor Exacta is a peer-reviewed journal in the field of informatics. This journal was published in March (March, June, September, December) by Institute for Research and Community Service, University of Indraprasta PGRI, Indonesia. All papers will be blind-reviewed. Accepted papers will be available ...