Abstract—the numbers of the botnet attacks are increasing day by day and the detection of botnet spreading in the network has become very challenging. Bots are having specific characteristics in comparison of normal malware as they are controlled by the remote master server and usually don’t show their behavior like normal malware until they don’t receive any command from their master server. Most of time bot malware are inactive, hence it is very difficult to detect. Further the detection or tracking of the network of theses bots requires an infrastructure that should be able to collect the data from a diverse range of data sources and correlate the data to bring the bigger picture in view.In this paper, we are sharing our experience of botnet detection in the private network as well as in public zone by deploying the nepenthes honeypots. The automated framework for malware collection using nepenthes and analysis using antivirus scan are discussed. The experimental results of botnet detection by enabling nepenthes honeypots in network are shown. Also we saw that existing known bots in our network can be detected.

Index Terms—Malware, Bots, Network Security, Nepenthes, Honeypots, Privacy

Cite: Sanjeev Kumar, Rakesh Sehgal, Paramdeep Singh, and Ankit Chaudhary, "Nepenthes Honeypots Based Botnet Detection," Journal of Advances in Information Technology, Vol. 3, No. 4, pp. 215-221, November, 2012.doi:10.4304/jait.3.4.215-221